This page intentionally left blank
Mathematical Logic
This page intentionally left blank
Mathematical Logic
Geor...

Author:
George Tourlakis

This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!

This page intentionally left blank

Mathematical Logic

This page intentionally left blank

Mathematical Logic

George Tourlakis York University Department of Computer Science and Engineering Toronto, Ontario, Canada

WILEY A JOHN WILEY & SONS, INC., PUBLICATION

Copyright © 2008 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic format. For information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data: Tourlakis, George J. Mathematical logic / George Tourlakis. p. cm. Includes bibliographical references and index. ISBN 978-0-470-28074-4 (cloth) 1. Logic, Symbolic and mathematical—Textbooks. I. Title. QA9.T68 2008 511.3—dc22 Printed in the United States of America. 10

9 8 7 6 5 4 3 2 1

2008009433

To those who taught me

This page intentionally left blank

CONTENTS

Preface

xi

Acknowledgments

xvii PART I

1

2

BOOLEAN LOGIC

The Beginning

3

1.1

Boolean Formulae

8

1.2

Induction on the Complexity of WFF: Some Easy Properties of WFF

17

1.3 1.4 1.5

Inductive Definitions on Formulae Proofs and Theorems Additional Exercises

22 37 48

Theorems and Metatheorems

51

2.1 2.2

More Hilbert-Style Proofs Equational-Style Proofs

51 60

2.3 2.4

Equational Proof Layout More Proofs: Enriching Our Toolbox

63 66 vli

viii

3

CONTENTS

2.5

Using Special Axioms in Equational Proofs

76

2.6

The Deduction Theorem

81

2.7

Additional Exercises

86

T h e Interplay between Syntax and Semantics

89

3.1 3.2

Soundness Post's Theorem

90 93

3.3 3.4

Full Circle Single-Formula Leibniz

99 100

3.5 3.6

Appendix: Resolution in Boolean Logic Additional Exercises

104 107

PART II 4

PREDICATE LOGIC

Extending Boolean Logic

113

4.1

The First-Order Language of Predicate Logic

115

4.2 4.3

Axioms and Rules of First-Order Logic Additional Exercises

138 148

5

Two Equivalent L o g i c s

151

6

Generalization and Additional Leibniz Rules

155

6.1

Inserting and Removing "(Vx)"

155

6.2 6.3

Leibniz Rules that Affect Quantifier Scopes The Leibniz Rules "8.12"

165 168

6.4

Additional Useful Tools

170

6.5 6.6

Inserting and Removing "(3x)" Additional Exercises

178 187

7

Properties of Equality

191

8

First-Order Semantics—Very Naively

195

8.1 8.2 8.3

196 201 208

Interpretations Soundness in Predicate Logic Additional Exercises

Appendix A: Godel's Theorems and Computability A.l Revisiting Tarski Semantics

211 212

CONTENTS

A.2 A.3

A.4

Completeness A Brief Theory of Computability A.3.1 A Programming Framework for Computable Functions A.3.2 Primitive Recursive Functions A.3.3 URM Computations A.3.4 Semi-computable Relations; Unsolvability Godel's First Incompleteness Theorem A.4.1 Supplement: (x) Τ Is First-Order Definable in 01 x

IX

223 232 233 243 254 259 263 275

References

281

Index

285

This page intentionally left blank

Preface

This volume is about the foundation of mathematics, the way it was conceptualized by Russell and Whitehead [56], Hilbert (and Bernays) [22], and Bourbaki [2]: Mathematical Logic. This is the discipline that, much later, Gries and Schneider [17] called the "glue" that holds mathematics together. Mathematical logic, on one hand, builds the tools for mathematical reasoning with a view of providing a formal methodology—i.e., one that relies on the form or syntax of mathematical statements rather than on their meaning—that is meant to be applied for constructing mathematical arguments that are correct, well documented, and therefore understandable. On the other hand, it studies the interplay between the written structure (syntax) of mathematical statements and their meaning: Are the theorems that we prove by pure syntactic manipulation true under some reasonable definition of true? Are there any true mathematical statements that our tools cannot prove? The former question will be answered in the affirmative later in this book, while the latter question, interestingly, has both "no" (Godel's completeness theorem [15]) and "yes" (Godel's 1

'"Nicolas Bourbaki" is the pen-name of a team of top mathematicians who are responsible for the monumental work, "Elemens de Mathematique", which starts with logic as the foundation, or "connecting glue" in the words of [ 17], and then proceeds to extensively cover fields such as set theory, algebra, topology, analysis, measure, and integration.

xl

Xii

PREFACE

(first)mcompleteness theorem [16]) answers! Both of these answers are carefully reconstructed in the Appendix to Part II. Much has been written on logic, which is nowadays a mature mathematical body of knowledge and research. The majority of books written with upper-level undergraduate audiences (and beyond) in mind deal mostly with the metamathematics or metatheory of mathematical logic; that is, they view logic as a mathematical object and study its abilities and limitations (such as incompleteness), and the theory of models, giving short shrift to the issue of using logic as a tool. There are currently only two books that the author is aware of that chronologically precede this volume and address almost exclusively the interests and needs of the user of logic. Both present the subject as a set of tools with which one can do mathematics (or computer science, or philosophy, or anything else that requires reasoning) rigorously, correctly, formally, and with adequate documentation: [2] and [17]. The former tersely introduces logic in its first chapter with a view of applying it as a rigorous tool for theorem generation in the numerous (and very advanced) chapter-volumes that follow (from set theory and algebra to topology, and measure and integration). The latter, a much more recent entry in the literature, is an elementary text (aimed at undergraduate university curricula in computer science) in the same spirit as Bourbaki's, which proposes to use logic, once again, as a tool to prove theorems of interest to computer scientists. Indeed, the second part of [17] is on discrete mathematics in the sense that this term, more or less, is understood by most computer science departments today. Similarly, the volume in your hands aims to thoroughly teach the use of logic as a tool for reasoning appropriate for upper-level undergraduate university students in fields of study such as computer science, mathematics, and philosophy. For the first group, this is an introduction to formal methods—a subject that is often included in computer science curricula—providing the student with the tools, the methodology, and a solid grounding on technique. As the student advances along the computer science curriculum, this volume's toolbox on formal methods will find serious applications in courses such as design and analysis of algorithms, theory of computation, computational complexity, software specification and design, artificial intelligence, and program verification. The second group's curriculum, at the targeted level, in addition to a solid course on the use of logic, will normally also require a more ambitious inquiry into the 2

It is nol that Godel was of two minds on the issue. Rather, the question can be made precise in two different ways, and, correspondingly, one gets two different answers. One way is to think of "universal" truth, such as the truth of " i = x". Universal truth is completely certifiable by the syntactic tools. The other is to think of truth in the "standard models" of some "rich" theories—rich in what one can formulate and prove in them, that is. Formal (Peano) arithmetic—that is, the axiomatic system that attempts to explain the set of natural numbers and the arithmetic operations and relations on it, the standard model— is such a rich theory. Godel showed the existence of true arithmetical statements in the model that cannot be syntactically proved in the axiom system of Peano arithmetic. One such true statement says, "I am not a theorem." 2

PREFACE

Xiii

capabilities and limitations of logic viewed as a mathematical tool. This further trip into the metatheory of logic will traditionally want to delve into two foundational gems beyond those of soundness and propositional completeness. Both are due to Godel, namely, his completeness and incompleteness theorems. The Appendix to Part II settles the former in full detail, and also offers a proof of the latter (actually, only of the first incompleteness theorem ), basing it on an inherent limitation of "general" models of computation, in the process illuminating the connection between the phenomena of uncomputability and unprovability. As a side-effect of constructing a self-contained proof of the first incompleteness theorem, we had to develop a fair amount of computability theory that will be of direct interest to all the readers, in particular, those in computer science. The third group of readers, philosophy majors, traditionally require less coverage in a course in logic than what I have presented here; however, philosophy curricula often include a course in symbolic logic at an advanced undergraduate level, and this volume will be an apt companion for such studies. The book's aim to teach the practice of logic dictates that it must look and feel much like a serious text on programming. In fact, I argue at the very beginning of the first chapter, that learning and practicing logic is a process like that of learning and practicing programming. As a result, the emphasis is on presenting a multitude of tools, and on using these tools in many fully written and annotated proofs, an approach that is intended to enhance the reader's effectiveness as a "prover", giving him many examples for emulation. There are some important differences—despite the superficial similarities that the common end-aims impose—between the approach and content in this volume and that in its similarly aimed predecessors [2] and [17]. Bourbaki provides tools for use by the "practicing mathematician" and does not bother with any semantic issues, presumably on the assumption that the mathematician knows full well how the syntactic and semantic notions interact and relate, and has an already well developed experience and ability to use semantic methods toward finding counterexamples when needed. He merely introduces and uses the so-called Hubert style of proofs (cf. 1.4.12) that is most commonly used by mathematicians. The text of [ 17] is equally silent about the interplay between syntax and semantics, and about any aspect of the metatheory, and refers to Hilbert-style proofs only tangentially. The authors prefer to exclusively propound the equational (or calculational) proof style (cf. Section 2.2), originally proposed in [11]. Moreover, unlike [2], they take liberties with their formalism. For example, even though they argue in their introduction in favor of using formal methods in practical reasoning, they distance themselves from a true syntactic approach, especially in their Chapter 8, where facts 3

4

5

The second incompleteness theorem, that the freedom of contradiction of "rich" axiomatic systems such as Peano arithmetic cannot be proved "from within", is beyond the scope of this volume. Indeed, the only complete proofs in print for this result are found in [22], Vol. II, and in [53]. His. him, he and related terms that grammatically indicate gender are, by definition, gender neutral in this volume. A formalism in the context of mathematical logic is any particular way logicians structure their formal methods. 3

4

5

XiV

PREFACE

outside logic taken from algebra and number and set theory are presented as axioms of predicate logic. While the approach in this volume is truly formal, just like Bourbaki's, it is not as terse; we are guilty of the opposite tendency! We also believe that, unlike the seasoned practitioner, the undergraduate mathematics, computer science, and philosophy students need some reassurance that the form-manipulation proof-writing tools presented here indeed prove (mathematical) "truths", "all truths", and "nothing but truths". This means that we cannot run away from the most basic and fundamental metatheoretical results. After all, every practitioner needs to know a few things about the properties of his tools; this will make him more effective in their use. Thus 1 include proofs of the soundness (meta)theorems for both prepositional and predicate logics (this addresses the "truths", and "nothing but truths" part) and also the two "completeness" results, of prepositional and predicate logics (this is the "all truths" part). However, to maintain both the emphasis on the use of logic and an elementary but rigorous flow of exposition I have delegated the much-harder-to-prove completeness metatheorem of predicate logic ([15]) to a sizable appendix at the end of the book. Why are soundness and completeness relevant to the needs of the user? Completeness of prepositional logic, along with its soundness, give us the much-needed—in the interest of user-friendliness—license to mix semantic and syntactic tools in formal proofs without sacrificing mathematical rigor. Indeed, this license (to use prepositional semantic tools) is extended even in predicate logic, and is made possible by the trick of adding and removing quantifiers ("for all" and "for some"). On the other hand, soundness of the two logics allows the user to disprove statements by constructing so-called countermodels. There are also quite a few simpler metatheoretical results, beyond soundness and completeness, that we routinely introduce and prove as needed about formulae (e.g., about their syntax) and about proofs (e.g., the validity of principles of proof such as hypothesis strengthening, deduction theorem, and generalization), using the basic tool of induction (essentially on formula and proof lengths). The Hubert style of proving theorems is prevalent in the mathematical literature and is prominently displayed and practiced in this volume. On the other hand, the equational-style of displaying proofs has been gaining in popularity especially in computer science curricula. It is a style of proof that seems well adapted to areas in computer science such as software engineering (in particular, in the field of software engineering requirements) and program verification. For the above reason, equational-style proofs receive a thorough exposition in this volume. It is my intention to endow the reader with enough machinery that will make him proficient in both styles of proof, but more importantly, will enable him to choose the style that is best suited to writing a proof for any particular theorem. In terms of prior knowledge (tools) needed to cope with this volume the reader should at least have high school mathematics (but I expect that this includes mathematical induction and some basic algebra). A degree of mathematical maturity, but no specific additional knowledge, of the kind an upper-level undergraduate will normally have will also be handy.

PREFACE

XV

A word on pedagogical approach. I repeatedly taught the material included here to undergraduate computer science students at York University in Toronto, Canada. I think of this book as the record of my lectures. I have endeavored to make these lectures user-friendly, and therefore accessible to readers who do not have the benefit of an instructor's guidance. Devices to that end include anticipation of questions, promptings for the reader to rethink an issue that might be misunderstood if glossed over ("pauses"), numerous remarks and examples that reflect on a preceding definition or theorem. & Using the symbols JL , and Χ X , I am marking those passages that are very important, and those that can be skipped at first reading, respectively. My fondness for footnotes is surely evident (a taste acquired long ago, when I was studying Wilder's excellent Introduction to the Foundations of Mathematics ([57]). I give (mostly) very detailed proofs, as I know from experience that omitting details normally annoys students. Moreover, I have expectations that students will achieve a certain style, and effectiveness, in proofs. The best way to teach them to do so is by repeatedly giving examples how. In turn, students will have the opportunity to test and further their understanding by doing several exercises, some of which are embedded in the text while others appear at chapters' end (a total of more than 190 exercises). Book structure. The book is in two approximately equal-length parts, one on Boolean (or propositional) logic and one on predicate logic. A thorough exposition of Boolean logic pedagogically prepares the reader for the much more difficult predicate logic, at the same time endowing him with several tools that are transferable such as the ubiquitous Post's theorem (propositional completeness) and deduction theorem. Part I is in three chapters. Chapter 1 starts with the basic formation rules of propositional (Boolean) formulae—the syntax—and introduces "induction on formulae" as a tool via which we can prove facts about syntax. It proceeds with Boolean semantics (truth tables) and then continues with the concept of formal proofs—those effected via purely syntactic manipulation—from axioms and rules of inference. Chapter 2 is a veritable database of proofs and theorems, presenting several proofs and proof techniques, including the deduction theorem. Both the equational and Hilbert style of proof layouts are used extensively. Chapter 3 revisits semantics, and proves both the soundness and completeness (Post) theorems, thus demonstrating the full equivalence and interchangeability of the semantic and syntactic proof techniques in Boolean logic. It concludes with an exposition of the technique of resolution in Boolean logic. Part II on predicate logic (or calculus) contains five chapters and a lengthy Appendix. Predicate calculus is introduced as an extension of the logic of Part I, so that every tool that we obtained in Part I is still usable in Part II. This part's first chapter, Chapter 4, is about the syntax of formulae, and introduces the axioms, the rules of inference, and the concept of proof, extending without discarding anything of the corresponding concepts of Part I, Chapter 5 simplifies the metatheoretical arguments by introducing a simpler-to-talk-about logic, equivalent to ours; that is, a logic with a simpler metatheory. Chapter 6 proves and extensively uses powerful rules of inference that were not postulated up front: techniques for adding and removing the

XVl

PREFACE

universal quantifier, powerful Leibniz rules, and techniques for adding and removing the existential quantifier. Our version of predicate calculus, as is common in the literature nowadays, includes equality (=). Chapter 7 advances some basic properties of equality as these flow from the axioms and the rules of inference. Chapter 8 is a "working" first approximation to Tarski-like semantics and proves (in detailed outline) the soundness theorem for predicate calculus. This is an important tool toward constructing counterexamples, or countermodels as we prefer to call them, aiming to show that certain predicate logic formulae are not provable. The Appendix at the very end does several things: It revisits Tarski semantics that were naively presented in Chapter 8, proves soundness again, this time totally rigorously, and also proves Godel's completeness theorem. It then introduces computability, that is, the part of logic that makes the concepts of algorithm, computation, and computable function mathematically precise. In this particular approach to computability, I am using the programming language known in the literature as the Shepherdson-Sturgis ([44]) unbounded register machines (URMs). The topics included constitute the very foundation of the theory of computation and they will be of interest not only to mathematics readers but also to those in philosophy and, especially, in computer science, who will find ample supplemental material for their theory of computation courses. These include partial computable functions, primitive recursive functions, a complete characterization in number-theoretic terms of the partial functions computable by URMs, the normal form theorems, the "Kleene predicate" and a "universal" URM, computable and semi-computable relations and their behavior in connection with Boolean operations and quantification, computably enumerable relations, unsolvability, verifiers and deciders, first-order definability, and the arithmetical relations. This machinery will next allow us to tackle Godel's first incompleteness theorem. This we prove by basing the proof on the nonexistence of a URM program that solves the following problem (halting problem) for any choice of χ and y: "Will program χ ever terminate if its input is y?" Suggested coverage. A computer science curriculum in formal logic will probably cover everything but the Appendix. The course MATH 1090 at York University, especially designed for computer science majors, does exactly that. However, a hybrid course in logic and computability, often included in computer science curricula, will adjust its pace (e.g., going faster through Part I) to include the computability and Godel incompleteness topics of the Appendix. A mathematics major will typically see his first course in logic in an upper-undergraduate year. His syllabus will likely require that the book be studied from cover to cover (again, going fast through Part I). A philosophy major's needs in a course in logic are harder tofitto a prescribed template. Advanced students will likely find all of Part I relevant along with chapters 4-6 of Part II. They will also find a high degree of relevance in the computability and Godel incompleteness topics of the Appendix. GEORGE TOURLAKIS Toronto June 2008

Acknowledgments

The writing of this book would have not been successful without the support and warmth of an understanding family. Thank you. I also wish to thank my York colleagues, Rick Ganong, Ilijas Farah, Don Pelletier and Stefan Mykytiuk, who have used drafts of this book in their MATH 1090 sections and offered me helpful suggestions for improvements. I want to credit all my students in logic courses that I taught over the years, as they have provided me not only with the pleasure of teaching them, but also with the motivation to create a friendly yet mathematically rigorous, thorough, up-to-date, and correct text for their use. I acknowledge the ever supporting environments at York University and at the University of Crete—where I spent many long-term visits, most recently in the spring term of 2006-07 while on Sabbatical leave from York—which are eminently conducive to projects like this one. Steve Quigley and Melissa Yanuzzi have been supportive and knowledgeable editors who made all the steps of the project smooth and effective. It has been a pleasure to work with both of them. I finally wish to record my appreciation of Donald Knuth, Leslie Lamport, and the TUG community (http://www.tug.org) for the typesetting tools TpX and ÉίΓβΧ and the UNIX-based distribution of comprehensive typesetting packages that they have made available to the technical writing community, making the writing of books such as this one fun. xvli

This page intentionally left blank

PARTI

BOOLEAN LOGIC

This page intentionally left blank

CHAPTER 1

THE BEGINNING

Mathematical logic, or as we will simply say, "logic", is the science of mathematical reasoning. Its core consists of the study of the form, meaning, use, and limitations of logical deductions, the so-called proofs. This volume, which is aimed at upper-level undergraduate university students who follow a course of study in computer science, mathematics, or philosophy, will emphasize mainly the use of proofs—it is written with the interests of the user in mind. 1.0.1 Remark. (Before we Begin) The symbol goes at least as far back as the writings of Bourbaki. It has been made widely accessible to authors—who like to typeset their writings themselves—through the typesetting system of Donald Knuth (known as "Tj3i"). I use these "road signs" as follows: A passage enclosed between two single " symbols is purported to be very noteworthy, so please heed! * On the other hand, a passage enclosed between two double signs (" means two things. 6

')

This symbol is a stylized typographical version of the "(dangerous) winding-road" road sign.

Mathematical Logic. By George Tourlakis Copyright © 2008 John Wiley & Sons, Inc.

3

4

THE BEGINNING

The bad news is that it is rather difficult, or esoteric, or both. The good news is that you do not need to understand (or even read) its contents in order to understand all that follows. It is only there in the interest of the "demanding" reader. Such "doubly dangerous" passages allow me to digress without injuring continuity—you can ignore these digressions! • Learning to use logic, which is what this book is about, is like learning to use a programming language. In the latter case, probably familiar to you from introductory programming courses, one learns the correct syntax of programs, and also learns what the various syntactic constructs do—that is, their semantics. After that, one embarks—for the balance of the programming course—on a set of increasingly challenging programming exercises, so that the student becomes proficient in programming in said language. We will do an exactly analogous thing in this volume: We will learn to write proofs, which are nothing else but annotated sequences of formulae and are similar to computer programs in terms of syntactic structure—the annotations playing a role closely similar to that of comments in computer programs. But to do that, we need to know, to begin with, what are the rules of correctly writing down a formula and a proof! We have to start with the syntax of these objects—formulae and proofs—precisely as it is done in the case of programming and its related objects, the programs. Thus, we will begin with learning the syntax of the logical language, that is, what syntactically correct formulae and proofs look like. We will also learn what various syntactic constructs "say" (semantics). For example, we will learn that a formula makes a "statement". A proof also makes a statement, that every formula in it is true in some very intuitively acceptable sense. We will learn that correctly written proofs are finite and "checkable" means toward discovering mathematical "truths". We will also learn via a lot of practice how to write a large variety of proofs that certify all sorts of useful truths of mathematics. The above task, writing proofs—or "programming in logic" if you will—is our main aim. This will equip you with a toolbox that you can use to discover or certify truths. It will be handy in your studies in computer science, and in whatever area of study or research you embark upon and where reasoning is required. However, we will also look at this toolbox, the logic, as an object of study and study some of its properties. After all, if you want to take up, say, carpentry, then you need to know about tools such as hammers—their properties (e.g., hard and heavy) and limitations (e.g., unfriendly to fingers). When using the toolbox to prove theorems, you work within logic. On the other hand, when studying the toolbox, you work in logic's metatheory (in metalogic) to talk and reason about logic. People often do this kind of study with programming languages, looking at them as objects of study rather than as instruments to write programs with. For example, in an advanced course on the comparative study of programming languages one looks at several programming languages and compares them for features, suitability

THE BEGINNING

5

for certain programming tasks—for any specific task some are more suitable than others—limitations, etc. Here is another analogy: In the "real world" that we live in, one builds flight simulators, which we use to simulate flying an airplane, and in the process we learn how to do so. The real world where the simulator is built is the simulator's metatheory, where we can, among other things, study the properties and limitations of simulators and compare several simulators for features such as relative "power" (i.e., how effective or realistic they are), etc. Similarly, formal logic is built within "real mathematics", as we will see in the next section. It, too, is a "simulator" employed to write formal proofs that certify the truth of mathematical statements. These proofs imitate the kind of informal proofs one typically employs in informal mathematics but do so within a precisely specified system of notation (called language), rules, and assumptions. Thus, using formal logic is a means to learn how to write proofs—and not only formal proofs!—just as using a flight simulator is a means of learning how to fly a real plane. The metatheory of logic—the "real mathematics"—addresses questions among the deepest of which is the question of how far formal logic can go in discovering mathematical truths. Let us next look more closely at the similarity between programming languages and programming on one hand and logical languages and proving on the other, and argue that, similar as the two activities may be, the second one is a bit easier! (1) In programming, you use the syntactic rules to write a program that solves a problem. (2) In logic, you use the syntactic rules to write a proof that establishes a theorem. In the latter task you are done as soon as the proof ends. At the end of the proof you have your theorem, exactly as stated. In the former task, programming, it is not enough to just write a program! You next have to convince your boss, or your instructor, that the program indeed solves the problem; that it is "semantically correct" with respect to the problem's specification. Note that in proving a theorem you have a purely syntactic task. Once your correctly written proof ends with the theorem you were trying to prove, you are done. There is no messing about with semantics. There is another reason why programming is harder than proving theorems: Programming has to be painstakingly precise because it involves your writing instructions for a dumb machine to "understand" and follow. You must be absolutely and pedantically clear in your instructions. On the other hand, you address a proof to a human who knows as much as you do, or more, about the subject. This human will in general accommodate a few shortcuts that you may want to take in your presentation. In short, proofs are read by "intelligent" humans, while programs are read by "dumb" computers. We need to work really hard to speak at the level of the latter. Will you ever need to deal with semantics in logic? Yes! Semantics is useful when you want to disprove (or refute) something, that is, to prove that it is a false

6

THE BEGINNING

statement, a fallacy. We will talk about semantics later—three times: once under Boolean logic, once under predicate logic, and one last time in the Appendix. There are many methodologies or paradigms (and corresponding programming languages suitable for the task) for writing programs. For example (add the word programming after each italicized keyword), procedural (Algol, Pascal, Turing), functional (LISP), logic (Prolog), and object-oriented (C++, Java). Most computer science departments will expose their students to many of the above. Similarly there are several methodologies for writing proofs. For example (add the word style after each italicized keyword), equational (the one favored by [17]), Hilbert (favored by the majority of the mathematics, computer science, and logic literature), Gentzen's natural deduction, etc. My aim is to assist the reader to become an able user of the first two styles: the equational and the Hilbert style of proof. In both methodologies, an important required component is the systematic annotation of the proof steps. Such annotation explains why we do what we do, and has a function similar to that of comments in a program. Okay; one can grant that a computer science student needs to learn programming. But logic? You see, the proper understanding of prepositional logic is fundamental to the most basic levels of computer programming, while the ability to correctly use variables, scope, and quantifiers is crucial in the use of loops, and subroutines, and in software design. Logic is used in many diverse areas of computer science, including digital design, program verification, databases, artificial intelligence, algorithm analysis, computability, complexity, and software specification. Besides, any science that requires you to reason correctly to reach conclusions uses logic. When one is learning a programming language, one often starts by learning a small subset of the language, just to smooth the learning curve. Analogously, we will first learn—and practice—a subset of the logical language. This we will do not due to some theoretical necessity, but due to pedagogical prudence. This particular, "easy" subset of (the "full") logic that we will embark upon learning goes by many names: Boolean logic, prepositional logic, sentential logic, sentential calculus, and prepositional calculus. The "full logic" we will call by any of the names predicate calculus, predicate logic, or first-order logic. I like the calculus qualifier. It connotes that there is a precise way to "calculate" within logic. It emphasizes that building proofs is an algorithmic and precise process, just like programming.

Indeed, it turns out that you can write a program, say, in Pascal, that will accept no input, but if it is allowed to run forever it will print all the theorems of logic (and not just those of the Boolean variety)—and never print a non-theorem!—in some order, possibly with some repetitions (cf. A.4.7 on p. 270). 7

7

We will soon appreciate that there are infinitely many theorems in logic.

THE BEGINNING

7

Equivalently, we can write a program that is a theorem verifier. That is, given as input a theorem, the program will verify that it is so, in a finite number of steps. If the input is a non-theorem, our verifier will decline an answer—it will run forever. Thus, proving theorems is a mechanical process] Digression: The above assertion is an example of a true assertion about the logic, not one that we can prove using exclusively the tools o/logic as a tool. It is a metatheorem of logic as we say, not a theorem. The proof of this metatheorem requires techniques much more powerful than— indeed external to—those that the logic provides. We will prove this metatheorem in the Appendix to Part II (A.4.6). So metatheorems are truths about the logic that we prove with tools external to the logic, while theorems are truths that the logic itself is capable of proving. There is some danger that the above statement, "proving theorems is a mechanical process", may be misinterpreted by some as one advocating that we build proofs by mindlessly shuffling symbols. Nothing is further from reality. The statement must be understood precisely as written. It says that there is a "mindless" way, a programmable way, to generate and print all possible theorems of logic, and, equivalently, also a programmable way to verify all theorems, which, however, refuses to verify any non-theorem by "looping" forever when presented with any such as input. But it is not a recipe for how we ought to behave when we write proofs. This is not the way a mathematician, or you or I, go about proving things—mindlessly. In fact, if we do not understand what is going on, we cannot go too far. Moreover, interesting, even important, as this result (about the existence of theorem verifiers) may be theoretically, it is useless practically, as we further discuss below. Our task is different. In general, we are more inquisitive. Given an arbitrary (mathematical) statement, we do not know ahead of time if it is a theorem or not. This italicized statement, the so-called decision problem of logic, is what we normally are interested in. Thus, our "verifier" is not very helpful, for if the statement that we present it as input is not a theorem, then the verifier will run forever, not giving an answer. Hmm. Can we not write a decider for logic? The answer to this is interesting, but also reassuring to mathematicians (and all theorists): Their jobs are secure! (1) For Boolean logic, we can, since the question "Is this statement a theorem?" translates to "Is this statement a tautology?" (cf. 3.2.1). The latter can be settled algorifhmically via truth tables. But there is a catch: Checking a formula (the formal counterpart of a "statement") for tautology status is an unfeasible problem. So we can do it in principle, but this fact is devoid of any practical value. 9

"That this formulation of the claim is equivalent to the preceding one is a standard result of computability. Cf. Appendix to Part II, Remark A.3.91 on p. 262. 'The term unfeasible—also intractable—has a technical connotation in complexity theory: It means a problem for which we know of no algorithm that runs in polynomial time as a function of the input

8

THE BEGINNING

(2) For predicate logic, the answer is more pleasing to mathematicians. First, there exists no decider for this logic if we expand it minimally so that it can reason about the theory of natural numbers (this is Alonzo Church's theorem, [3,4]). Second, even if one were to be satisfied simply with a verifier for theorems, then we still would have no general solution of any practical value in hand. Indeed, again considering the logic augmented so that it can "do number theory", any chosen verifier V for this logic would be extremely slow in providing answers in the following precise sense: For any choice of a step-counting function / ( n ) , there is an infinite subset, S, of the set of theorems of number theory, such that each theorem-member, T, of S that is composed of η symbols requires for its verification more than f(n) steps to be performed by V. This is a result of Hartmanis ([19]). 10

Let us stop digressing for now. In the next section we begin the study of the sublogic known as prepositional calculus. 1.1

BOOLEAN FORMULAE

We will continue stressing the algorithmic nature of the discipline of proving, just as it is the case in the discipline of programming. In particular, just as in serious programming courses the programming language is introduced via preciseformat ion rules that allow us to write syntactically correct programs, we will be every bit as serious by introducing very precisely the rules for writing syntactically correct (1) formulae and (2) proofs. Once again, the syntax of the logical language is much simpler to describe than that of any commercially available programming language. So, how does one build—i.e., what are the rules for writing down correctly— formulae? Continuing with the programming analogy, you will recall that to define a programming language, i.e., the syntax of its programs, one starts with the list of admissible symbols, the so-called alphabet. In some languages, the alphabet includes symbols such as "3,4,0, [, A, B,c,d,E,+,x, —" and "keywords"—that is, multiple-character symbols—such as if, then, else, do, begin. Similarly, in Boolean logic, we start with the basic building blocks, which collectively form what is called the alphabet (for formulae). Namely, length—or worse, we know that such an algorithm does not exist. In this case it is the former. However, there is a connection with the so-called "P vs. NP" open question (see [5]). If a polynomial algorithm that recognizes tautologies does exist, then the open problem is settled as "P = NP", something that the experts in the field consider highly unlikely. The truth table method runs in exponential time. '"For example, consider / ( n ) = 2 ". If we think of f(n), for each n, as representing picoseconds of run time of the verifier V (1 picosecond is 1 0 ~ seconds), then every member of S of length more than 4 symbols will require the verifier V to run for more than 5.70045 χ 1 0 years! 2

1 2

2 8 8

BOOLEAN FORMULAE

9

Al. Symbols for variables, called the Boolean or propositional or sentential variables. These are p, q, r, with or without primes or subscripts (i.e., p', 913, r-j" are also symbols for variables). X

We often need to write down expressions such as "A\p := B]", to be defined later (1.3.15), but do not wish to restrict them to the specific variable p. Nor can we say things such as "for any Boolean variable ρ we consider A\p := B)..." as there is only one specific pi We get around this difficulty by employing so-called metavariables or syntactic variables—i.e., symbols outside the alphabet that we can use to refer to or point, generally, to any variable. We adopt the names for those to be the boldface p, q, r with or without primes or subscripts. Thus pgj names any variable p, q,r'",q'g , etc. Rarely if ever in this volume will we need to use more Boolean metavariables than these two: p , q. S7

We can now use the expression "for every Boolean variable ρ we consider A[p := B\..." referring to what ρ names rather than to ρ itself. Two analogous examples are, from algebra, "for every natural number n" (n is not a natural number!) and, from programming, where we might say about Algol, "for each variable x, the instruction χ := χ + 1 means to increase the value of χ by one." Again, χ is not a variable of Algol; X13, YXZ99, though, are. But it would be meaningless to offer the general statement "for each variable X13, the instruction X13 := X13 + 1, etc." since X13 is a specific variable of the Algol syntax. The programming language metavariable χ allows us to speak of all of Algol's variables collectively! On the other hand, the expression "for every Boolean metavariable" refers to the set of metavariables themselves, {p, q, r^g, . . . } and will be rarely, if ever, used. The expression "for every Boolean metavariable p " is as nonsensical as "for every Boolean variable p". A2. Two symbols for Boolean constants, namely Τ and 1. These are pronounced variously in the literature: verum (also top, or symbol "true") and falsum (also bottom, or symbol "false " ). 11

A3. Brackets, namely, ( and ). A4. "Boolean connectives", namely, the symbols listed below, separated by commas -.,A,V,->,=

Let us denote by V the alphabet consisting of the symbols described in A1-A4. Usually, the qualifier symbol is dropped and then the context is called upon to distinguish between "true/false" the symbols vs. "true/false" the Boolean values of the metatheory (introduced in Section 1.3). In particular, cf. Definition 1.3.2 and Remark 1.3.3. 1 1

10

THE BEGINNING

1.1.1 Remark. (1) Even though I say very emphatically that p,q, r, etc., and also Τ and ± , are just symbols, —the former standing for variables, the latter for constants—yet, I will stop using the qualification symbols, and just say variables and constants. This entails an agreement: I always mean to say symbols, I just don't say it. (2) Most variable symbols are formed through the use of "subsymbols"—such as 0,1,2,'—that are not members of the alphabet V themselves; e.g., p"{ 4. This does not detract from the fact that each variable (name) is a single symbol of V, entirely analogously with, say, the keywords of Algol if, then, begin, for, etc. (3) Readers who have done some elementary course in logic, or in the context of a programming course, may have learned that ->, V are the only connectives one really needs since the rest can be expressed in terms of these two. Thus we have deliberately introduced redundancy in the adopted set of connectives (i) above. This choice in the end will prove to be user-friendly and will serve our aim to give a prominent role to the connective =, in the axioms and in rules of inference (Section 1.4). • 12

003

1.1.2 Definition. (Strings or Expressions; Substrings) We call a string (also word or expression), over a given alphabet, any ordered sequence of the alphabet's symbols, written adjacent to each other without any visible separators (such as spaces, commas, or the like). For example, 00660 is a string of symbols over the alphabet {a, b, c,0,1,2,3} (note that you don't have to use all the alphabet symbols in any given string, and, moreover, repetitions are allowed). Ordered means that the position of symbols in the string matters; e.g., αα6 φ aba. We denote arbitrary strings over the alphabet A1-A4 by string variables, i.e., names that stand for arbitrary or specific strings. Specific strings, or string constants, are sometimes enclosed in double quotes to avoid ambiguity. For example, if we say 13

14

Let A be the string aab. we need to know whether the period is part of the string or not. If it is not we symbolically indicate so by writing Let A be the string "aab ". If it were part of the string, then we would have written instead Let A be the string "aab.". String variables—by agreement—will be denoted by uppercase letters A, B, C, D, Ε, P, Q, R, S, W etc., with or without primes or subscripts. In particular, since Boolean expressions (and theorems) are strings, this naming is valid for this special case, too. Some logicians put it more emphatically: "meaningless symbols". "E.g., "let A be any string". E.g„ "let A stand for (-.(ρ Λ q))".

12

14

BOOLEAN FORMULAE

11

The major operation on strings is concatenation, that is, juxtaposition. To concatenate the strings (named) A and B, in that order, is to form the string (named) AB that consists of the symbols in A, from left to right, immediately followed by the symbols in B, from left to right. Thus, if A is aab and Β is 00110, then AB is αα&ΟΟΠΟ. Clearly, concatenation is an associative operation, i.e., (AB)C = A(BC). Hence, when we omit brackets, as we normally do, and simply write ABC, there is no ambiguity since wherever we may insert the brackets that we "forgot" makes no difference! There is a very special string that we call the empty string and denote by e (this being a specific string, a constant, we deviate from the naming convention A, B, C,... above). What is special about it is that it contains no symbols, so that At = tA = A. "B is a substring of A" means that for some strings C and D we have A = CBD. For example, over the alphabet {a, b] we have that α is a substring of aab. Indeed there are two occurrences of α in aab as substrings: A first (shown boxed) is justified by noting aab = efq~|ab and a second is justified by noting aab = α[α~|6· • We can build all sorts of expressions over our Boolean alphabet V, such as pp,pqr, -Ά, (r —• r), and a lot of others. Some such strings (e.g., the last one above) are well-formed-formulae (in short, wff), the rest being gibberish. Hmm. How can we tell? For example, if we asked an unsuspecting (not logically trained) passerby which of the following are "well-formed" p= p ((pVq) = q) = {(pAq)=p) we would have no right to expect any better than lucky guesses from him (we can check, by asking him "why?" in each case). So, how can we tell? The obvious (silly) answer would be, "Why not tabulate all formulae? Then we can check any string for formula status by table look-up. If the string is in the table, then it is a formula; otherwise it is not a wff." Of course this is silly, for we cannot write down an infinitely long table such as a table of all formulae would be. We must find a way to define a set of infinitely many strings (the formulae) by a finite text. Pause. Can we do such a thing? Absolutely. We will give a precise process that every time it is applied builds a formula, and will never build a nonformula. Moreover, it is "general enough" so that if it is applied over and over, for ever, it will build all formulae. We are ready to define formula-calculation. 1.1.3 Definition. (Formula-Calculation or Formula-Parse) We will call formulacalculation (or formula-parse) any finite (ordered) sequence of strings that we may write respecting the following three requirements:

12

THE BEGINNING

(1) At any step we may write any symbol from Al or A2 of the alphabet (p. 9). (2) At any step we may write the string (-Ά), provided we have already written the string A. (3) At any step we may write any of the strings (Α Λ Β), (A V Β), (A —• Β), (A = Β), provided we have already written the strings A and B. • 1.1.4 Example. In the first step of any formula-calculation, only requirement (1) of Definition 1.1.3 is applicable, since the other two require the existence of prior steps. Thus, in the first step, we may write only a variable or a constant. In all other steps, all the requirements (l)-(3) are applicable. Here is a calculation (the comma is not part of the calculation, it just separates strings written in various steps):

Verify that the above obeys Definition 1.1.3. Here is a more interesting one: P,Q, (pV«), (pAq), ((Ρ A q)

((pVo) = ρ), Ξ ρ),

(((ρ

V

q) = q) Ξ ((ρ Aq)

= p))

•

1.1.5 Definition. (Boolean Expressions or wff or Formulae) A string A over the alphabet A1-A4 will be called a Boolean expression or a well-formed-formula iff it is a string written at some step of some formula-calculation. The set of Boolean expressions we will denote by WFF. A member of WFF is often called a wff (a formula). • 15

1.1.6 Remark. (1) The idea of presenting the definition of formulae as a "construction" or "calculation" goes at least as far back as [2, 21]. (2) We used, in the interest of user-friendliness, active or procedural language in Definition 1.1.3 (i.e., that we may do this or that in each step). A mathematically more austere (hence "colder"(!)) approach that does not call upon anyone to write anything down—and does not speak of "steps"—would say exactly the same thing as Definition 1.1.3 rephrased as follows: 16

A formula-calculation (or formula-parse) is any finite (ordered) sequence of strings, Αχ, A2, • • •, A such that—for all i = 1,...,η—Αι is one of: n

(I) Any symbol from Al or A2 (II) (-Λ), provided A is the same string as some Aj, where 1 < j < i "if and only if Exactlyas[21]does. l6

BOOLEAN FORMULAE

13

(III) Any of the strings (Α Α Β), {A V Β), {A -» Β), {A = B), provided A is the same string as some Aj, where 1 < j < i and Β is the same string as some Ak, where 1 < k < i (it is allowed to have j = k, if needed) (3) There is an advantage in the procedural formulation 1.1.3. It makes it clear that we build formulae in stages (or steps), each stage being a calculation step. In each step where we apply requirement (2) or (3) of 1.1.3, we are building a more complex formula from simpler formulae by adding a Boolean connective. Moreover, we are building a formula from previously built formulae. These last two remarks are at the heart of the fact that we can prove properties of formulae by induction on the number of steps (stages) it took to build it, or more simply, by induction on its "complexity" (that is, the total numbers of connectives in the formula, counting repetitions; see next section). • The concluding remark above motivates an "inductive" or "recursive" definition of formulae, which is the favorite definition in the "modem" literature, and we should become familiar with it: 1.1.7 Definition. (Alternative (Recursive) Definition of WFF) The set of all wellformed-formulae is the smallest set of strings, WFF, that satisfies (1) All Boolean variables are in WFF, and so are the symbols Τ and _L. We call such formulae atomic. (2) If A and Β are any strings in WFF, then so are the strings (->A), (A A B), (A V β ) , (A —• β ) , (A = B). • 1.1.8 Remark, (a) Why "recursive"? Because item (2) in 1.1.7 defines the concept formula in terms of (a smaller, or earlier, instance of) "itself: It says, in essence, "... (A V B ) is a formula, provided we know that A and Β are formulae. ..." 1 7

In programming terms, confronted with, say, the 3rd subcase of case (2) of the definition, we "call" the definition recursively, twice, to settle the questions "Is A a wff?" and "Is Β a wff?" If "yes" for both, then we proclaim that (A V B) is a wff. (b) Part(l)in 1.1.7definesthemostbasic,mosttrivialformulae. This part constitutes what we call the Basis of the inductive (recursive) definition, while part (2) is called the inductive, or recursive, part of the definition. (c) 1.1.7 and 1.1.5 say the same thing, looking at it from opposite ends: Indeed, suppose that we want to establish that a given string D is a formula. If we are using 1.1.5, we will try to build D via a formula-calculation, starting from atomic Each of A and Β are substrings (cf. 1.1.2) of (Α ν B), so they are "smaller" than the latter. They are also "earlier" in the sense that we must already have them—i.e., know that they are formulae—in order to proclaim (Av B)a formula. l7

14

THE BEGINNING

ingredients and building as we go successively more and more complex formulae until finally, in the last step, we obtain D. If on the other hand we are using 1.1.7, we are working backwards (and build a formula-calculation in reverse!). Namely, if D is not atomic, we try to guess— from its form—what was the last connective applied. Say we think that it was —>, that is to say, D is (A —» B) for some strings A and B. Now we have to verify our guess! This requires that the strings A and Β are formulae. Thus, taking each of A and Β in turn as (a new, smaller) "D" we repeat this process. And so on. This is a terminating process since the new strings we obtain (for testing) are always smaller than the originals. Of course, I did not prove here that the two definitions define the same set WFF. But they do!

18

Technically, the term smallest is crucial in 1.1.7 and it corresponds to the similarly emphasized iff of 1.1.5. A proof that the two definitions are equivalent is beyond our syllabus. • 1,1.9 Example. Let us verify using 1.1.7 that ((ρ V q) V r) is a formula. call#l We guess that the rightmost "V" is the last to apply; thus, using (2) in 1.1.7 we must now verify that (ρ V q) and r are formulae. Well, r is by (1) in WFF. However, (ρ V q) leads to call #2. call #2 Again, using (2)—this time we do not need any guessing; there is only one connective—we must verify that ρ and q are formulae. This is so by (1) in 1.1.7. When we use Definition 1.1.7 to verify that a string is a formula, we say that we parse the string top-down. On the other hand, when we build the formula using Definition 1.1.5, then we are parsing it bottom-up. Can we parse the above string in another top-down way? Obviously, our recursive call to the definition hinges around one of the two "V" symbols in the string. We must guess which is "the right one" (as the last connective to apply). Why is the leftmost connective not "right"? Here is where metamathematical analysis comes in: The leftmost connective will work as the "last one to apply" iff (according to 1.1.7) "(p" and "q) V r" are both formulae. The metamathematical analysis of formula syntax (see next section) 19

I only hand-waved to that effect, arguing that for any string D in WFF, 1.1.5 builds a calculation the normal way, while 1.1.7 builds it backwards. I conveniently swept under the rug the case where D is not in WFF, i.e., is not correctly formed. I know that the separation of "mathematics" from "metamathematics" is at first tricky. Think of the hammer analogy: You do "theory" (or "mathematics" or "logic") when you use the hammer. On the other hand, when articulating a principle such as "It is inevitable that I will hit my finger with the hammer", then you are doing an analysis of the hammer's behavior. You are doing "metatheory" (or "metamathematics" or "metalogic"). Similarly, you do logic when you generate a formula according to 1.1.5, or backwards according to 1.1.7. However, articulating principles such as "There is only one way to parse a formula", or "Every formula has balanced brackets", studies, does not build, formulae and thus lies within the metalogic. l8

,9

BOOLEAN FORMULAE

15

tells us that every formula must have a balance of left and right brackets. So none of these two is a formula, and therefore the leftmost V cannot be the last connective to apply.

•

In the course of a formula-calculation (1.1.3), we write some formulae down without looking back (step of type (1)). Some others we write down by combining via one of the connectives Λ, V, —>, = two formulae A and Β already written, or by prefixing one already written formula, C, by -i. In terms of the construction by stages, the formula built in this last stage had as immediate predecessors A and Β in the first case, or just C in the second case. One can put this elegantly via the following definition: 1.1.10 Definition. (Immediate Predecessors) None among the constants Τ and _L, or among the variables, have any immediate predecessors. Any of the formulae {Α Λ Β), (A V Β), (A —> Β), (A = Β) have A and Β as immediate predecessors. A is an immediate predecessor of {^A). Sometimes we use the acronym i.p. for immediate predecessor. • It turns out that a formula uniquely determines its i.p. We give a proof later (1.2.5). 1.1.11 Remark. (Priorities) In practice, too many brackets make it hard to read complicated formulae. Thus, texts (and other writings in logic) often come up with an agreement on how to be sloppy, but get away with it. This agreement tells us what brackets are redundant—and hence can be removed— from a formula written according to Definitions 1.1.5 and 1.1.7, still allowing the formula to "say" the same thing as before: (1) Outermost brackets are redundant. For the remaining two cases, it is easiest to think of the process in reverse: How to reinsert correctly (as per Definition 1.1.5) any omitted brackets. (2) Any other pair of brackets is redundant, if its presence (as dictated by 1.1.5) can be understood from the priority, or precedence, of the connectives. Higher-priority connectives bind before lower-priority ones. That is, if we have a situation where a subformula A of a formula has already been reconstructed as per 1.1.5, and is claimed by two distinct connectives ο and o, among those in (*) below, as in " . . . ο A ο ...", then the higher-priority connective "glues" first. This means that the implied brackets are (reinserted as) " . . . ο A) ο . . . " or " . . . ο (A ο ..." according as ο or ο has the higher priority, respectively. 20

The order of priorities (decreasing from left to right) is agreed to be:

21

-.,A,V,-.,=

(*)

A subformula of a formula β is a substring of Β that is a formula. Other agreements for priorities are possible. I offered the one that most people use. But remember: It is only an agreement, which means (1) we must stick to it, and (2) it is neither "more right" nor "more wrong" than any alternative agreement. 2 0

2 1

16

THE BEGINNING

(3) In a situation like " . . . ο Λ ο ..."—where A has already been reconstructed as in 1.1.5, and ο is any connective listed in (*) above, other than -•—the right ο acts before the left. Thus the implied bracketing is " . . . ο (A ο...". Similarly, in

is short for (—>(—>yl)).

We say that all connectives are right associative. It is important to emphasize: (a) This "agreement" results in a shorthand notation. Most of the strings depicted by this notation are not correctly written formulae, but this is fine: Our agreement allows us to decipher the shorthand and uniquely recover the correctly written formula we had in mind. (b) I gave above the convention that is followed by 99.9% of writings in logic, and in (almost) all programming language definitions (when it comes to "Boolean expressions" or "conditions"). (c) The agreement on removing brackets is a syntactic agreement. In particular, right associativity says simply that, e.g., ρ V q V r is shorthand for (ρ V {q V r)) rather than ((ρ V q) V r). However, no claim is either made or implied that (ρ V (g V r)) and ((ρ V g) V r) mean different things. At this point meaning (Boolean values) has not yet been introduced. When it is later on, we will easily see that (pV(gVr)) and ((pVg)Vr) mean the same thing. • 1.1.12 Example, ρ stands for p. ->p stands for (->p). ρ —> q —» r stands for (p —> (g —» r)). If I want to simplify ((p - > ? ) - > r), then (p —» g) —> r is as simple as I can get it to be. ->p Λ q V r is short for (((-•ρ) Λ g) V r). If in the previous I wanted to have -• act last, and V to act first, then the minimal set of brackets necessary is: ->(p Λ (g V r)). • A connection with things to come in a degree program in computer science. Any set of rules that tell us how to correctly write down strings constitutes a socalled grammar. Formal language theory studies grammars, the sets of strings that grammars define (called formal languages), and the procedures (or "machines") that are appropriate to parse these strings. In an introductory course on "automata and formal language theory", a student learns about formal languages. Such a student would quickly realize that Definition 1.1.7 is, in effect, a definition of a grammar for the "language" (i.e., set of

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

17

strings) WFF. He would utilize a neat notation, such as 22

Ε :~A\{E

Λ

V E)\(E

Ξ

E)\{-<E)

A ::=T|±|p|o|r|p'| ... where Ε stands for (Boolean) Expression, A for Atom, "::=" is read as "is defined to be" and " | " is read as "or", separating alternatives in an "is defined to be"-list. Thus, the first line says, in English, "A (Boolean) expression is defined to be an atom, or '(' followed by an expression, followed by 'Λ' followed by an expression followed by ' ) ' , or, etc." The second line defines atom as any of the constants or the variables (note the separating or's).

1.2

INDUCTION O N T H E C O M P L E X I T Y O F W F F : S O M E E A S Y PROPERTIES OF WFF

Suppose now that we want to prove that every A G WFF has a "property" £P. The technique is to associate a natural number with each member of WFF and prove the property by induction on numbers. The most obvious number one may associate with a formula A is the formula's complexity: 23

1.2.1 Definition. (Complexity of a Formula) The complexity of a formula is the number of connectives—counting repetitions—occurring in the formula. • 1.2.2 Example. Note that we can read the complexity accurately even if we write formulae in least parenthesized notation. Every atomic formula has complexity 0. The complexities of ρ —• q —> p ' , -ιρ V q V s, and ->p Λ p' V ρ" —» (ρ"' = q) are 2, 3, and 5 respectively. Brackets do not contribute to complexity. • A crash course on induction. First off, let us recall what we call strong or courseof-values induction on the natural numbers (also known as complete induction): Suppose that &(n) is a property of the natural number n. To prove that £P(n) holds for all η Ε Ν it suffices, in principle, to prove for the arbitrary η that ί?(η) holds. What we mean by "arbitrary" is that we do not offer the proof of ^(n) for some "biased" η such as η = 42, or η even, or η with 105 digits, etc. If the proof indeed 24

Known as BNF notation, or Backus-Naur-Form notation. "x 6 y" is shorthand for the claim "x is a member of the set y", also pronounced "x belongs to y" or "x is in y". N denotes the set of all natural numbers { 0 , 1 , 2 , 3 , . . . } . Thus "for all η e N" is elegant notation that says "forn = 0 , 1 , 2 , 3 , 22

2 3

24

18

THE BEGINNING

has not cheated by using some property of η beyond "n e N", then our proof is equally valid for any η e N; we have succeeded in effect to prove &(n),for all η € Ν. Now the above endeavor is not always easy. It would probably come as a surprise to the uninitiated that we can pull an extra assumption out of the blue and use it toward proving ^(n), and that when all is said and done this process is as good as if we proved &>(n) without the extra assumption! This out-of-the-blue assumption is that 3»(k) holds for all k < η

(I)

or, another way of putting it, that the history or course-of-values of ^"(n), &>{ΰ),3»{\),...,&>{η-\)

(II)

holds—that is, it is a sequence of valid statements. It goes by the name induction hypothesis (I.H.), and the technique is that of "proof by strong induction". A couple of comments: (1) As before, we still have to prove !?{n) for the arbitrary n, although now we have the I.H. as extra help. (2) We note that the history, (II), of &{n) is empty if η = 0. Thus every proof by strong induction has two cases to consider: the one where the history helps, because it exists, i.e., when we have η > 0, and the one where the history does not help, because it simply does not exist, i.e., when η = 0. In summary, strong induction proofs have two cases: l.S. Where η > 0 and we are helped by the I.H. ((/) or (77) above). l.S. is an abbreviation for induction step. Basis. Where η = 0 and we are on our own! The proof for η = 0 is called the basis step of the induction. Since on occasion we will also employ "simple" induction in this book, let me remind the reader that in this kind of induction the I.H. is not the assumption of validity of the entire history, but that of just έ?(η- 1). As before, simple induction is carried out for the arbitrary n, so we need to work out two cases: when the I.H. is really there (n > 0) and when it is not (n = 0). The case of proving £?(0) directly is still called the basis of the (simple) induction. Tradition has it that in performing simple induction the majority of users in the literature take as I.H. £?(n) while the l.S. involves proving i?(n + 1). Correspondingly, we organize proofs of properties of formulae X, £?(X), into two main cases (rather three, in practice; see below)—essentially carrying out a strong induction with the complexity η of X as a "proxy". However, the complexity η of X is well hidden in the background of the argument and we do not mention it: (i) Case of atomic formulae (these are the only ones with complexity η = 0) where the proof is direct, without the benefit of the I.H.

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

19

(ii) Case of nonatomic formulae (corresponding to a complexity (of Χ) η > 0) where we will benefit from the I.H. that 3*(A) holds for all formulae A that are less complex than X (i.e., they have complexity k < n) In case (ii), if A is any formula less complex than X, we will often say that "the I.H. applies to A ", meaning precisely that "by the I.H., ^(A) holds ". Let us apply (i)-(ii) to obtain a framework of proofs by induction on the set of formulae or, as we say more simply, by induction on formulae. Now, since every proper subformula A of X has a lesser complexity than X, the I.H. applies on A. In particular, the I.H. applies on all the i.p. of X (the definition of i.p. was given in Definition 1.1.10). 25

Thus, in practice, (i)-(ii) translate into the following simple framework for proofs by induction on formulae: (a) X is atomic: Give a direct proof. (b) X has the form (-Λ). Give a proof on the assumption (I.H.) that £?(A) holds. (c) X has the form (Α ο Β)—where ο e {Λ, V, =, —>}. Give a proof for each case of ο on the assumption (I.H.) that &>{A) and &>(B) hold.

Let us now prove a few properties of formulae by induction on formulae. All the "theorems" (and their corollaries) of this section are about formulae and their syntax. They are not theorems of logic, but are metatheorems. 1.23 Theorem. Every Boolean formula A has the same number of left and right brackets. Proof. The theorem is about formulae written properly, as per Definition 1.1.5, that is, before our agreements to simplify bracketing are applied. We prove the property by induction on formulae, A. (1) Basis: A is atomic. Each atomic formula has 0 left and 0 right brackets. We are Okay. (2) A has the form (-•£?). The I.H. applies on the less complex B. So let Β have m left and m right brackets. Then A—i.e., (-•£?)—has m + 1 of each. (3) A has one of the forms (Β Λ C), (Β V C), (B -» C) and (B = C). The I.H. applies to the less complex subformulae Β and C. So let them have m left/right and r left/right brackets respectively. Thus A has m + r + 1 left, and as many right, brackets. • 25

That is, not the same string as X.

20

THE BEGINNING

Note. A string Β is a prefix of a string A iff there is a string C such that A = BC. The prefix is empty iff it is the empty string (i.e., it has no symbols in it; it has length 0). It is proper iff Α φ Β. 1.2.4 Corollary. Any nonempty proper prefix of a Boolean expression A has more left than right brackets. 26

Proof. Induction on A. Since A denotes an arbitrary formula, "induction on formulae" can be rephrased as "induction on A". Compare with "induction on natural numbers" and "induction on n". (1) A is atomic. Note that none of the atomic formulae has any nonempty proper prefixes, so we are done without lifting a finger. 5_ This is an instance of a statement being "vacuously true": The statement has a typical instance that says, "All nonempty proper prefixes of ρ have more left than right brackets." Is this true? Absolutely! If you think otherwise, then show me just one nonempty proper prefix of ρ that does not have an excess of left brackets. You cannot, because there are no nonempty proper prefixes of p. (The only nonempty prefix of ρ is p, but this is improper.) (2) A has the form (-ΊΪ). The I.H. applies to B. Well, let's check the nonempty proper prefixes of (^B). These are (quotes not included, of course): (a) "(". Okay, by inspection. (b) "(-.". Ditto. (c) "(-iC"\ where C is a nonempty proper prefix of B. By I.H. if m is the number of left and η the number of right brackets in C , then m> n. But the number of left brackets of "(-iC" is m + 1. Since m + 1 > n, we are done. (d) "(->B". By 1.2.3, Β has, say, k left and k right brackets. We are okay, since k+1>kP (3) A has the form (Β ο C)—where "o" is any of Λ, V, —>, =. The I.H. applies on Β and C. Well, let's check the nonempty proper prefixes of (Β ο C). These are (quotes not included, of course): (i) "(". Okay, by inspection. ^Corollary is jargon that mathematicians, logicians, computer scientists, philosophers—and other reasoning people—use to characterize a statement that needs proof, but whose proof follows easily from another proved statement, or from the latter's proof. One then speaks of "A is a corollary of B", meaning that A easily follows from Β (and/or B's proof). The I.H. was not needed in this step. 27

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

21

(ii) "(£>", where D is a nonempty proper prefix of B. By I.H., if m is the number of left and η the number of right brackets in D, then m > n. But the number of left brackets of "(D" is m+ 1. Okay. (iii) "(B'\ By 1.2.3, Β has, say, k left and k right brackets. We are okay, since k + 1 > k. (iv) "(β ο ". The accounting exercise is exactly as in (iii). Okay. (ν) "(Β ο D", where D is a nonempty proper prefix of C. By 1.2.3, Β has, say, A; left and k right brackets. By I.H., D has, say, m left and r right brackets, where m > r. Thus, "(β ο D" has 1 + k + m left and k + r right brackets. Okay! (vi) " ( f i o C " . Easy.

•

The following tells us that once a formula has been written down correctly, there is a unique way to understand the order in which connectives apply. 1.2.5 Theorem. (Unique Readability) For any formula A, its immediate predecessors are uniquely determined. Proof. Obviously, if A is atomic, then we are okay (nothing to prove, for such instances of A have no i.p.). Moreover, no A can be seen (written) as both atomic and nonatomic. The former do not start with a bracket; the latter do (cf. 1.2.6). 28

Suppose that A is not atomic. Is it possible to build this string as a formula in more than one way? Can A have two different sets of i.p., as listed below? (Below, when I say "we are okay" I mean that the answer is "no", as the theorem claims.) (1) (-iC) and (~Ό)? Well, if so, C is the same string as D (why?); so in this case we are okay. (2) (-iC) and (D ο Ε), where ο is any of Λ, V, —>, = ? Well, no (which means we are okay in this case too). Why "no"? For if (-iC) and (D ο Ε) are identical strings (they are, supposedly, two ways to read A, remember?), then "-i" must be the same symbol as the first symbol of D. Now the first symbol of D is one of "(" or an atomic symbol. None matches "-i". (3) (C ο D) and (Ε ο G), where ο and ο are any of Λ, V, —», = (possibly the same symbol) and either C and Ε are different strings, or D and G are different strings, or both? Well, no! (i) If C and Ε are different, then, say, C is a proper prefix of Ε (of course, C is nonempty as well (why?)). By 1.2.4, C has more left brackets than right ones, but—being also a formula—it has the same number of left and right ^So we cannot be so hopelessly confused as to think at one time that A has no i.p. and at another time that it does.

22

THE BEGINNING

brackets (by 1.2.3). Impossible! The other case, Ε being a proper prefix of C instead, is equally impossible. (ii) If C and Ε match, then ο and ο match. This forces D and G to be the same string, since the strings (C ο D) and (Ε ο G) are the same—okay again. Having answered "no" in all cases, we are done.

•

1.2.6 Exercise. Prove that the first symbol of any formula A is one of (1) a variable (2) Τ (3)± (4) a left bracket Hint. Induction on formulae, or directly from an analysis of formula-calculations (1.1.3). •

<S><S> 1.2.7 Exercise.

In footnote 20 of p. 15 we defined the concept of subformula, saying: "A subformula of a formula A is a substring of A that is also a formula." This definition does not offer itself toward showing rigorously that, e.g., "If all the occurrences of a subformula Β of A are replaced by the same Boolean variable, say p, then the string so obtained is a formula." Do the following: (1) Try to contradict me (I said, "This definition does not offer itself toward showing rigorously that, e.g ") (2) Regardless of how you did in (1), give an inductive definition of the concept subformula. (3) Now use (2) to prove by induction on A that "If all the occurrences of a subformula Β of A are replaced by the same Boolean variable, say p, then the string so obtained is a formula." • 1.3

INDUCTIVE DEFINITIONS O N F O R M U L A E

Now that we know (by 1.2.5) that we can decompose a formula uniquely into its constituent parts, we are comfortable with defining functions (more generally "concepts") on formulae by induction—or recursion—on formula complexity, or as we rather say, "by induction—or recursion—on formulae". This recursion will define the concept as follows: 29

• (Basis) If A is atomic, we define the concept (or function) directly, depending on what we are trying to achieve. • If A is (->B), then we "call" the definition recursively to define the concept for B. Depending on the nature of the concept we then, taking the presence of -i into account, extend the concept to the entire A. Some people prefer to use the term induction for proofs, and recursion for constructions. Others do not mind using the term induction for either.

INDUCTIVE DEFINITIONS ON FORMULAE

23

• If A is (BoC), then we "call" the definition recursively for Β and C. Depending on the nature of the concept, taking the presence of ο 6 { Λ , V, Ξ , —>} into account, we extend the concept to the entire A. I will merely state that the above process is feasible because of 1.2.5, which allows us to have uniquely determined "components" of A, its i.p., on which we perform the "recursive calls". A rigorous proof that indeed the process works, that we can effect recursive definitions on sets such as WFF, which themselves have been inductively defined (1.1.7), is beyond our aims. This subject is fully considered in [54]. 13.1 Example. We consider here a simple example that shows what can happen if we attempt a recursive definition on a set of formulae that were defined in a manner that the uniqueness of i.p. was not guaranteed. This time we define simple arithmetic formulae, without variables. As an alphabet we take {1,2,3,+,x} Inductively, we define the set "arithmetic formulae", AR: AR is the smallest possible set of strings over the alphabet (I) that contains the strings of unit length, I, 2 and 3, and, moreover, if the strings X and Y are in AR, then so are Χ + Y and Χ χ Y. The strings 1, 2, and 3 are the atomic formulae of AR. The concept i.p. is defined on the formulae of AR in the obvious manner: The atomic formulae do not have any i.p., and X + Y and X xY have, each, X and Y as i.p. 1 + 2 χ 3 is an example of a formula in AR that does not have a unique i.p. Indeed, according to the definition, we have two sets of i.p. here: { 1 , 2 x 3 } and {1+2,3}. Both i.p. sets are correct. Remember that any agreement on the priority of the connectives—and we entered into no such agreement—i'j not part of the rigorous definition of formula syntax for AR, thus, let us not assume that any such agreement is implied here! -

But why do we fear the multiplicity of i.p. sets for 1 + 2 χ 3? Let us attempt to define an "evaluation" function, inductively, on the set AR. We will call it EV. Here is the "natural" definition EV: EV{\)

1

EV{2)

2

EV(3)

3

EV{X + Y)

EV(X) +

EV(Y)

EV(X χ Y)

EV{X)

EV(Y)

χ

24

THE BEGINNING

Now, what is EV(l + 2 x 3 ) ? To answer this, we need to decompose 1 + 2 x 3 into a set of i.p. so that we can next do our recursive calls of EV (see the two last cases in the definition of EV). Unfortunately, we obtain two distinct answers! First we compute according to the decomposition { 1 , 2 x 3 } : EV(l

+ 2 x 3 ) = EV(1) = EV{\)

+ EV{2 + (EV{2)

χ 3) χ

EV(3))

= 1 + (2 χ 3) = 7 Next, let us do so according to the other decomposition, {1 + 2,3}: EV(1

+ 2 x 3 ) = EV{1

+ 2) χ

EV{3)

+ £V(2)) χ

= (EV(1)

EV(3)

= (1 + 2) χ 3 = 9

•

"NaturaF', or "only"? I said earlier: "Here is the "natural" definition EV." But is there any other? Yes, infinitely many! We must get used to the idea that once we define the syntax of a set of strings—of a formal language, as we say in the theory of computation, the language here being AR—we do not have anything more than the syntax, i.e., the knowledge of the "shape" of such strings. All strings in AR are "meaningless", and their semantics (or interpretation) is totally up to us. The variety of such interpretations at our disposal is infinite. I wanted the above example to be immediately relevant to our existing knowledge, to be "natural". That is why I gave the meaning to all the meaningless symbols of alphabet (1) that anyone would likely expect. However, a "meaningless" symbol such as " 1 " may stand for infinitely many different objects of mathematics. Staying in algebra, I will mention the following (infinitely many) interpretations: The symbol may be interpreted, as here, to be the number "one", but also as the unit "2 χ 2" matrix

/I

0

V° ι or the unit "3 χ 3" matrix

or... But "unit" of some sort or another is not an intrinsic meaning of " 1 " . The symbol could stand for the number 0, or 42, or for some other mathematical object.

INDUCTIVE DEFINITIONS ON FORMULAE

25

Similarly, the meaningless symbol " + " can be interpreted as "plus" on numbers, but also as "plus" on η χ η matrices (for various n), and also as concatenation of strings, union of so-called regular expressions, etc. Similar comments hold for all the other symbols of the alphabet (1). There will be two main examples of recursive definitions in this section. The first follows the definition of the concept of state and is the inductive definition of value of a formula in a state. This leads to Boolean formula semantics. The other will be the inductive definition of substitution of a formulae into a variable, an operation that is central in the use of the "Leibniz rule" in proofs. But first, let us introduce states and Boolean semantics. As we said early on (p. 6), Boolean logic is a subset of the (full) logic on first order languages and is, mainly, a pedagogical tool, since it is "easy" and therefore its study painlessly trains us and prepares us for the study of predicate logic. Does it have any other use? Yes. We can imagine that the Boolean variables of propositional logic are "abstractions" of statements in mathematics, computer science, philosophy, etc. By the term abstraction of a statement I mean the assignment of a name—a Boolean variable—to it, purposely forgetting the intrinsic semantic content (i.e., what it says) of the original statement. As an example, we can decide the logical correctness or not of the statement 30

x=

No - >

x =

No V

y > Hi

(*)

within Boolean logic by the method of abstraction, not bothering with the fact that most of the symbols above—i.e., x, y, =, >, N , Ki—are not even in the alphabet V of propositional logic! Indeed, we abstract the elementary statements "χ = Νη" and "y > Ni", naming them, say, ρ and q. Since they are two distinct statements, I used two distinct Boolean variables. Thus (*) becomes ρ —> ρ V q (**) 0

31

and, as we will soon see, it holds independently of what hides under the names ρ and q. Two useful observations are motivated from this example on abstraction and are noteworthy: • The "object" of propositional logic is not the study of the elementary "statements" (or "propositions"), that is, of the Boolean variables and their intrinsic "semantic content". After all, variables have no intrinsic semantic content. Once we name through such a variable an "elementary"—i.e., connectivefree—substatement, we turn around and forget the meaning of the original! To put it positively, the "object" of study is, exclusively, the Boolean connectives and their behavior. E.g„ advanced texts such as [45,53] introduce predicate calculus directly and do not cover propositional logic. What makes them "elementary" is that they do not involve Boolean connectives. 30

3 1

26

THE BEGINNING

• The statements that we can abstract are not restricted to those mathematical ones (or other) that are variable-free, like "3 = 9 —> 7 > 101". E.g., the elementary statement "x = No" above depends on the variable χ and therefore whether it is intrinsically true or false is indeterminate (depending on the value of x). But this did not hinder our abstraction in any manner! Here is why: In the process of abstraction—to which we come back in detail in 4.1.25—the Boolean variables that we use as names do not inherit the semantic content of the statements they name. Thus we do not care whether the truth or falsehood of what a Boolean variable names can be determined or not! The only thing that matters is the Boolean structure of the original statement, that is, how the original statement is put together where the connectives act as "glue". In the previous example, all we needed to know was that the statement had the Boolean structure (**). The semantics of Boolean formulae is defined—in the metatheory of prepositional logic—through a process that allows us to calculate whether a formula is true or false, and this under certain conditions. Our aim below is to make precise what we mean by "conditions", and to give the process according to which we calculate the "truth value" of a formula under any conditions. As you probably know from programming courses, only two values are possible for a formula in "classical" Aristotelian logic as well as in its descendant, mathematical logic, which we study here. These two values are true and false—which we collectively call truth values. Thus we need a set of two distinct objects, which we will find outside the alphabet V, in logic's metatheory. We freeze, i.e., reserve, these two values in this volume and they will serve, to the last page, as our truth values. Our choice is the set {t, f} of truth values. We will pronounce t as true and f as false. Some programming languages, but even books on logic, use different sets of truth values, such as {0,1}. At the end of the day, neither how we write them down nor how we pronounce the truth values matters, as long as we have exactly two distinct ones! 1.3.2 Definition. A state v is a function that assigns the value f or t to each Boolean variable, while it assigns necessarily the value f to the constant _L and necessarily the value t to the constant T. We pronounce f and t "false" and "true" respectively. On the chalkboard one usually denotes them by / and t respectively. If, say, the value f is assigned to q", then we write v(q") = f. • 32

•'V for value. Alternative letter is "s" for state.

INDUCTIVE DEFINITIONS ON FORMULAE

27

1.3.3 Remark. (1) A state υ is one of the infinitely many possible "conditions" where we are interested in finding the truth value of a formula and where it is possible to compute such a value. (2) A function υ is, of course, a table of input/output values such as in

out

1

f t t f

Τ ρ

9

where no two rows contain the same input. Disobeying this condition would result in ambiguity, assigning to a variable both values f and t. By definition, a state is an infinite table, so we cannot fit it on a page. Mathematically, it is an infinite set of input/output ordered pairs. Since the truth values f and t lie outside the alphabet V (p. 9) of our logic, they are symbols that, despite the similarity of their pronunciation with that of the names of the "meaningless" formal ± and Τ respectively, are different from the latter. In particular, neither the metasymbol f nor the metasymbol t may appear in a formula! But why the fuss of assigning the values f and t to the (formal) variables and constants? How does this process give a "meaning" to the variables and constants? Why do we need the f and t? Where do they come from? Aren't these two symbols, well, just symbols? If so, what do we gain by their introduction and why are the J., Τ "meaningless" while the f and t are "meaningful"? What is their understood meaning? These are good questions! Here are some answers: • The symbols _L, Τ (but also -ι, V, Λ, =, —>) are "meaningless" in the sense that we know nothing of them besides what the axioms will lead us to know: Their behavior and properties are determined only by the axioms and the rules of writing proofs in Boolean logic. On the other hand, the symbols f and t (as well as the counterparts of ->, V, Λ, = , —>, namely, the F-,, F etc.—see the table in 1.3.4) are directly given via tables in the metatheory, as part of the elementary "Boolean algebra" that we learn in computer programming. It turns out the properties of the latter faithfully track the properties of the former, and thus in a natural way provide a "concrete" interpretation of the former. v

• An analogy may shed more light on the above discussion: Think of axiomatic Euclidean geometry. There we learn the properties of, and interrelationships between, the "meaningless" concepts of point, line and plane by rigorous proofs that are based on the axioms and proof-writing rules, but on nothing

THE BEGINNING

else. Yet, there is another, "naive", kind of geometry, analytic geometry. In this geometry, a "point" is not something abstract whose properties we wait to learn from axioms; rather, it is a concrete, well-understood object of mathematics: an ordered pair of real numbers, (x, y). Similarly, a (planar) "line" is an algebraic expression on two variables χ and y and real coefficients a, b, c: ax + by = c. One finds that properties of the abstract (or "meaningless") points and lines of the axiomatic version are faithfully tracked by those of the corresponding concepts of the "naive" versions. In this sense, the points and lines of the latter provide a "concrete" interpretation of the points and lines of the former. But why interpret? Because even if we are determined to write proofs solely based on axioms and rigid rules of logic, it aids our motivation and ability to formulate such proofs if we have a "concrete" counterpart in mind. For example, another interpretation of axiomatic geometry is that of geometric drawings, "figures" as we say. You will recall from your high school years how helpful these figures were in your formulation of proofs in geometry. The geometer M. Pasch once wrote a totally figureless monograph on axiomatic geometry, presumably to emphasize that the figures we draw in geometry are only intuitive visual aids that are theoretically redundant. Yet, it seems that the human brain does well with some sort of assistance, be it visual or some other well-understood concrete representation of abstract objects, toward understanding and formulating abstract arguments. Analogously with the above, we are often motivated and aided by our knowledge of informal Boolean algebra—that is, the set {f, t } and the various operations on it as introduced in 1.3.4 below—as we construct proofs in axiomatic logic. Interpretations of abstract concepts by concrete ones provide a powerful tool toward building counterexamples: The "faithful" nature of such interpretations means that if I can prove a statement involving abstract concepts, let us call it A, then its concrete counterpart, let us call it A', is also verifiable. Turning this around I get a very useful observation: If I believe that A is not provable, I can offer indisputable evidence for this provided I can show, in the concrete domain, that A' is false. This comment will make more sense later, in 3.1.5. Hmm. It appears that this discussion builds too strong a case for the import of the "naive" or "concrete" approach, even though early on (p. 4) I said that the abstract (syntactic) approach will be favored in this book. I quote: We will learn that correctly written proofs are finite and "checkable" means toward discovering mathematical "truths". We will also learn via a lot of practice how to write a large variety of proofs that certify all sorts of useful truths of mathematics. The above task, writing proofs—or "programming in logic " if you will—is our main aim.

INDUCTIVE DEFINITIONS ON FORMULAE

29

Yet, we noted that the concrete methods track the abstract (axiomatic) approach faithfully. They provide motivation and aid the construction of proofs. They provide definitive evidence regarding the falsehood of mathematical statements. Then why bother with the axiomatic approach? When it comes to logic, would it not be best to work exclusively with Boolean algebra instead? There are a number of reasons why the axiomatic approach has attained a prominent status, even in the undergraduate curricula: (a) There is more to logic (predicate logic of Part II) that cannot be tracked by Boolean algebra. For predicate logic the concrete counterparts are in general infinitary, i.e., deal with infinite sets and operations with infinitely many arguments, such as searching an infinite set to determine if an object belongs to it. By contrast, syntactic proofs of the axiomatic method continue to be finite processes. Where the advantage lies is clear! (b) The axiomatic method was introduced as a mind-focusing device: Focus on what matters, via axioms and rules, and discard all that is extraneous to our assumptions. The approach literally saved mathematics from the paradoxes that the purely concrete, or naive, set theory of Cantor introduced. (c) The axiomatic method makes logic—and any theory that we build upon logic, e.g., modern set theory, Peano number theory—a mathematical object, just as a programming language is a mathematical object. This allows us to use mathematical tools to study logic—and any mathematical theories built upon it—as to its power, limitations, freedom from contradiction, etc. • 1.3.4 Definition. (Truth Tables) There are five operations or functions, the Boolean functions, that take as inputs only values from the set {f, t} and produce as outputs only values in the same set. The symbols we choose for these functions, one symbol for each Boolean connective, are F-.(x), Fy(x, y), F^(x, y), F^(x,y),

F=(x,y)

and their behavior is fully described by the following table, known as a truth table. χ

y

f

f

t

f

t

t

t

f

t

t

Fv{x,y) f

f

F-*{x,y) t

t

t

f

t

f

f

t

f

f

f

f

t

t

t

t

FA(X,V)

• The following definition extends a state ν so that it can give a Boolean value, hence meaning, to all formulae. Note that originally ν gave a value only to atomic formulae.

30

THE BEGINNING

In essence, the definition gives meaning to the Boolean connectives, as it is clear from the fact that there is a case for each connective of how to compute the value. Pedantry requires that the extension of ν below be denoted by a different symbol, say v, since, after all, the extension is a much bigger table. While the original had a row only for every atomic formula, the extension has a row for every formula. But now that you know about this quibble, we feel safe to use the same symbol, "v", for both. 1.3.5 Definition. (Value of a Formula in a State v) Below I use the metavariable "p", so that the "first" equation actually represents infinitely many, one for each variable in the alphabet V: υ(ρ) = whatever we originally assigned to p ; t or f v(T) = t t/(±) = f v^A))

=

v((AAB))

=

F^{v(A)) F*(v(A),v(B))

v((AvB))=F (v(A),v(B)) v

v((A^

B))=F^(v(A),v(B))

v({A = BJ) = F=(v(A),v(BJ)

•

The symbol " = " above is the "equals" sign of the metatheory, and means that the left-hand side and right-hand side values are the same (equal). It is not a formal symbol for (at least) two reasons: (1) Our V does not include " = " (2) The definition above compares informal (metafheoretical) values (t and f). Why the above definition works is clear at the intuitive level: Lack of ambiguity in decomposing a nonatomic formula C, i.e., uniquely, as one of (-Λ), [A A B),(A\/ Β), (A —> Β), {A — B) allow us to know how to compute a unique answer. The why at the technical level is beyond our reach (the demanding reader can find a proof in [54]). The convenience of truth tables can be extended to rephrase the recursive equations in the above definition (from the 4th equation onward). For example, the 5th equation is represented in table form as AAB

A

Β

f

f

f

f

t

f

t

f

f

t

t

t

INDUCTIVE DEFINITIONS ON FORMULAE

31

The way we read the above is that for all possible values of the not necessarily atomic formulae A and Β we have listed the correct value of Α Λ Β. We do not care how A and Β actually obtained their values. Indeed, we do not care how Λ and Β are built; they can be as complex as they like. Here is an example of a definition of a "concept" regarding formulae, by induction on formulae. 1.3.6 Definition. (Occurrence of a Variable) We define "p occurs in A" and "p does not occur in A" simultaneously. Occl. (Atomic) ρ occurs in p . It does not occur in any of q, Τ, ±—where q is a variable distinct from p. Occ2. ρ occurs in (-Λ) iff it occurs in A. Occ3. ρ occurs in (Α ο Β)—where ο is one of Λ, V, —• , =—iff it occurs in A or Β or both. • 33

1.3.7 Remark. We wanted to be user-friendly (which often means "sloppy") in the first instance, and said that the above defines a "concept": "Occurs'V'does not occur". In reality, all such "concepts" that we may define by recursion on formulae are just functions. For example, this "concept" can be captured by the function "occurs(p, A)", where occurs{p, A) = 0 means " p occurs in A", and occurs(p, A) = 1 means "p does not occur in A". • 1.3.8 Remark. (Finite "Appropriate" States) A state ν is by definition an infinite table. Intuitively, the value of a formula A in any state ν should depend only on the values of the variables that occur in A and on no others. Thus, for any one A, the state could be truncated into a finite table "appropriate" just for A—defined on all the variables of A but undefined elsewhere—without altering the Boolean value of A. Such a table would have one row for each variable that occurs in A, plus the two rows for ± and Τ—which in the end can be omitted as they offer no surprises. Our intuition is correct. Here is a proof by induction on A of the relevant statement: Ifv and v' are two states that agree on the variables of A, then v(A) = v'(A), where "= " is metamathematical equality on the set {f, t}. The proof, as it must, goes back and forth among Definitions 1.3.6 and 1.3.5 while, tacitly, it is also mindful at all times of how formulae are formed, going from less to more complex ones (Definitions 1.1.5 and 1.1.10). Basis. If A is atomic, then either (1) It is a constant, and hence v(A) = v'[A) by Definition 1.3.5, equations two and three, or Needless to say, by the "iff", it does not occur exactly when we have both: It does not occur in A and it does not occur in B. ,3

32

THE BEGINNING

(2) It is p. By assumption, υ(ρ) = v'(p). Okay! Complex formulae have two main shapes: Case where A is (->C): The I.H. applies to C. We use it as follows: (1) Since (1.3.6) C and -Ό have precisely the same variable occurrences, it is that ν and v' agree on the variables of C. (2) By I.H. we get v(C) = v'(C), and so v(-^C) = v'{^C) by 1.3.5. 34

Case where A is C ο D: By Definition 1.3.6 (Occ3), each of C and D have all their variables also occur in C o D; therefore, by assumption, ν and v' agree on all the variables that occur in C and D. By I.H. v[C) = v'(C) and v(D) = v'(D). By 1.3.5, v{C ο D) = v'(Co D). This concludes the proof. • 1.3.9 Definition. (Tautologies) Boolean logic is primarily interested in those formulae that are true (t) in all possible states. Such formulae are called tautologies and because of their "shape", i.e., the way they are put together from atomic formulae, brackets, and connectives, are "always" true. We use the shorthand notation 1 = ^ A to indicate that A is a tautology. • In view of 1.3.8, when checking a formula A for tautology status, we need to check it only on all finite states appropriate for A. If and only if we find that its value in all those states is t, then it is a tautology. Thus there is a finite process to do this, however, one that at the present state of the art is ridiculously inefficient: To so check an A that has η Boolean variables (occurring in it) we need a truth table of 2" rows. Current research on the "P = NP?" question of Cook ([5]) converges toward the opinion that it is highly unlikely that we will ever have a way to check tautologyhood, deterministically, in a manner appreciably more efficient than constructing a truth table. This is one additional reason why we are interested in discovering tautologies in a different way, nondeterministically, one that allows shortcuts in the calculation by allowing the prover to guess the correct next step from a set of candidates, whenever such a choice is offered, thus avoiding having to check all possible avenues that offer themselves. These guesses, when possible, are informed by experience and human intuition and ingenuity and shorten the process of tautology verification. Enter (syntactic) "proofs" of the next section. 35

1.3.10 Example. (Some tautologies) Τ and ρ —» ρ are tautologies. The latter follows from v(p —> p) = F_(v(p),v(p)) and the truth table on p. 29. How about ρ —> q —> p? First, remember that this is sloppy for (p —> {q —> p)). Thus the last connective to act is the leftmost. ^The I.H. is invariably "assume the claim for all formulae less complex than A". As such, it deserves no explicit mention. It is not known whether there is a fast nondeterministic algorithm that verifies every tautology. But even if we discover one such, it is unlikely in view of what I said above that we can eliminate the nondeterminism without significant speed loss. 35

INDUCTIVE DEFINITIONS ON FORMULAE

33

Here's the general technique: The table below has two components. The statepart consists of the first two columns. Each row of these columns is a finite state appropriate for the formula. The value of the formula in each state is found beneath the last-to-act connective in the process of 1.1.3. To compute this value, we use the values v(p) and that of q —> p. The values of the latter are aligned under the relevant connective, the "—•" of the subformula q —> p. In general, in the value part we align the values that we compute under the connective that acted last in the subformula we are evaluating. ρ

q

ρ

->

q

(3)

0)

->

ρ

(2)

f

f

t

t

f

t

t

f

t

f

t

t

t

t

t

t

The number headings (l)-(3) above indicate the order in which the columns are built. By the way, we have just verified that (=caut Ρ —* q —* PWhat about A —* Β —> A where A, Β are arbitrary formulae? Can we settle this question without knowing the particular ways that A, Β are put together from variables, connectives, and brackets? Yes! No matter how they are put together, in any state ν we have that each of A, Β attain one of two values t or f. Thus the exact same table as the above, but this time using A, Β and A —> Β —» A as column headings, A

Β

->

Β

->

(3)

(2)

f

t

t

(1) f

A

f

t

t

f

t

f

t

t

t

t

t

t

A

settles the question: We have [ = i A—* Β —> A. We must be sure to read the above table correctly. We are not saying that we are assigning values to A and Β (we can assign values only to variables and constants). We are saying that the possible pairs of values of A and Β—in that order—no matter what state we are in, will be among the four listed in the table. Then using Definition 1.3.5 we fill in the last two columns of the table. • a u l

There are three more concepts related to tautologies that we want to introduce, but first some notation:

34

THE BEGINNING

We use the metavariables p , q, r, qg,. • • for variables, and Α, Β, E, Q for formulae. What shall we use for sets of formulae! Convention: We denote sets of formulae by certain capital Greek letters, as a rule, by those that cannot be confused with Latin letters. Thus Γ, Δ, Σ , θ will always stand for sets of formulae (such sets may have zero, one, two, three, one million, or infinitely many members). Of course, we use these letters to denote such sets if either (i) We do not care what are the members of a set of formulae or (ii) We do care, but we are going to refer to that set over and over again in an argument; thus rather than, say, writing {_L, ρ, ρ —> q,p —»-^q} over and over again, we may give it a name saying, "Let Σ stand for {±, ρ, ρ —> q, ρ -* -><j}." By the way, we must not confuse the set {A} with its member A. These are different. Think in terms of types (as in programming languages): {A} is an object of type set while A is an object of type formula. 36

1.3.11 Definition. A formula A is satisfiable iff there is at least one state ν where v(A) = t. A set of formulae Γ is satisfiable iff there is at least one state υ where for every formula A in Γ, v(A) = t. We say that ν satisfies Γ. We say that Γ tautologically implies A—and write Γ ( = A— iff for every state ν that satisfies Γ we must have v(A) = t. We call Γ the hypotheses (plural, in general) or premises of the implication, while A is the conclusion. We say that a formula A is unsatisfiable or a contradiction iff for every state v, we have v(A) = f. We say that a set Γ is unsatisfiable ifffor every state ν there is at least one A in Γ such that v(A) = f. • uut

By convention, logicians write the simpler A f=taut Β for the correct {A} (= B, and more generally, prefer to write A\,..., A \= Β rather than the correct (but pedantic) {A ,...,A } \= B. Note that intuitively, a tautology A is true, no questions asked, and must be accepted as such. On the other hand, the conclusion of a tautological implication is only relatively true, relative to the premises, that is: // we accept the premises as true, then we must also accept the conclusion as true. This relativity of truth is at the heart of mathematics. For example, if we accept Euclid's "5th postulate" as true, then we must accept that the sum of the angles of any triangle equals 180 degrees. This is a relative truth, since Euclid's 5th postulate is not an absolute truth. Accepting any one of its possible negations leads to a totally different (relative) truth regarding the sum of angles in a triangle. Uut

n

x

n

aat

aut

37

38

39

W e may also say, "Let Σ = {_L, ρ, ρ —» q, ρ —• ->g}." It states that through a point that lies outside a given line it is always possible to draw a unique line parallel to the given one. "Strictly speaking, this example lies beyond Boolean logic, since we need predicate logic in order to "speak" and do Euclidean geometry. Nevertheless it illustrates the phenomenon of relativity of truth in a familiar branch of mathematics. O n e possible negation is that you can draw two parallels (Lobachevsky). Another is that you can draw no parallels at all (Riemann). 36

37

,9

INDUCTIVE DEFINITIONS ON FORMULAE

1.3.12 Example. We can in principle verify A ,.. .,A x

p

q a state

Αι

•••

\=

n

Β

n

all t

Β via a truth table

M

A

35

must be t too

We look only at those rows that have t everywhere between the two "||" vertical dividers. We must ensure that these rows have a t under Β as well. By the way, the Ai and Β being, in general, complicated formulae, we need the "p, q,..." columns to the left of the leftmost || in order to compute the values of the Ai and Β in all states. In general, when checking Ai,...,A„ \= B, one cannot avoid building the whole truth table (or doing some equivalently laborious task) for the following reasons: (1) As we have said, at the present (and foreseeable) state of the art there is no way to check whether A is a tautology any more efficiently than it takes to build the whole truth table, in terms of the variables p, q,..., of A. (2) If we had a substantially faster algorithm for tautological implication, we could use it to also establish tautologyhood fast, since |=taut A iff Τ (=„„,, A. However, in many cases of practical interest we can do better since we need to only check the rows that have exclusively t's between the two || dividers, and ignore all the other rows. Sometimes we can identify these rows without building the whole table. For example, we can quickly see that A, Β j=taui A A Β since whenever v(A) = v(B) = t we have υ(Α A B) = t (cf. 1.3.5). We did not compute the other three rows. A more substantia) example is aat

A V Β, -Α V C \=

ailt

BvC

If this is done by the full table method we need 8 rows to compute the values of A V Β, -.A V C, Β V C for all possible ordered triples of values v{A),v{B),v{C). But instead, let us be clever: Okay; we merely need to compute the value v(B\/C) on the condition that v(ylv5) = ti(-i/lvC) = t (1) We analyze (1) according to two cases: (i) v(A) = f: By (1) and 1.3.5, v(B) = t. But then υ(Β V C) = t by 1.3.5. (\\)v{A) = t: By(l)and 1.3.5,v{C) = t. But then v(BvC) = t b y 1.3.5. • 1.3.13 Example. Here is a really important example: _L \=^ A. Well, I need to ensure that for every v, where v(±) = t, I also get v{A) = t. Since no υ satisfies v(±) = t—i.e., there are no rows to check—I am done. We have seen such situations before. The statement is vacuously true. Like before, one can explain this by saying, "The only way to refute ± \=mut A is to find a ν where υ(±) = t but v(A) = f. But such a task must fail as no ν satisfies = t." • at

36

THE BEGINNING

Here is a simple but nice exercise that you must try: 1.3.14 Exercise. (1) Show that ^=, A iff 0 [=„,„, A. (2) Show that Αι,...,Α \=^ Β iff \=tw Αχ -> A -> ... A -> β . (3) Show that Γ hum β iff Γ U {-·β} is unsatisfiable. We note here that for two sets Γ and Σ the notation Γ U Σ—called the union of Γ and Σ— denotes the set that contains every member of Γ and every member of Σ. • aut

η

Μ

2

n

We conclude this section with the definition of substitution in a Boolean expression, and with the proof of two important properties of substitution. Intuitively, the symbol" A[p := β ] " is shorthand that means—i.e., expands into— the string we get if we replace all occurrences of the variable ρ in A by the formula B. We may think of this operation as defining a function from formulae to strings: Input: Α, ρ, B; output: the string denoted by A[p := B). In order to read the following definition of substitution correctly, we emphasize that the "operation" [ρ := β] takes place in the metatheory and has the highest priority against all other "formal operations", i.e., the Boolean connectives -ι, Λ,ν,—>,=:. For example,-Ά[ρ := β] means ->{A[p := β ] } , where the symbols " { , } " are here meta-brackets inserted to indicate the order of application of "operations". Naturally, because of its placement, this operation is Ze/r-associative, so that A\p := B][q := C] means {A[p := B]}[q := C}. 1.3.15 Definition. (Substitution in Formulae) In whatfollows, "=" denotes equality in the metatheory, here between strings. The definition states the obvious: (1) It handles the basis cases in the trivial manner, and (2) when A is actually built from i.p. (cf. 1.1.10), it says that we substitute into each i.p. first, and then apply the connective. As we usually do in definitions we are careful not to use formula abbreviations. All brackets are present. Note the use of metavariables. ifA = p if A = q (where ρ Φ q), or

β A A[p := β] = (^C[p:=B}) { (C[p := Β] ο D[p := β])

A = T , or A = J. if A = {-

where ο is one of Λ, V, — = .

•

We state and prove two easy and hardly unexpected properties of substitution: 1.3.16 Proposition. For any formulae A and Β and variable ρ, A\p := β] is a (well-formed!) formula. 40

A proposition is a theorem—here, metatheorem—that did not quite make it to be called that. You see, people reserve the term theorem, or metatheorem, for the "important" or earth-shattering stuff that

4 0

PROOFS AND THEOREMS

37

Proof. Induction on A, keeping an eye on Definition 1.3.15. Basis. If A is atomic, then we get either A or Β formula; okay in either case. Complex formulae have two main shapes: A is (->C): The I.H. applies to C, thus C[p := B] is a formula. Then so is (-.C[p := B\) by 1.1.7. A is ( C o D): The I.H. applies to C and D, thus C [ p := B] and D[p := β] both are formulae. Then so is (C[p := Β] ο Z)[p := β ] ) , again by 1.1.7. • 13.17 Proposition. If ρ does not occur in A, then A[p := B] = A, where for convenience we once more use " = " as metamathematical equality of strings. Proof Again, by induction on formulae A: Basis. A can only be one of q (q Φ ρ), Τ, or ± , by Definition 1.3.6. Then, by Definition 1.3.15 (2nd case), A\p := B] = A. Okay, so far. Complex formulae have two main shapes: A is (-iC): Does ρ occur in C ? No, by assumption (it does not occur in A) and definition of occurrence (1.3.6). Now, the I.H. applies to C , thus C [ p := B] = C. We are done by 1.3.15, case 3. A is (C ο D): By 1.3.6 (Occ3) ρ occurs neither in C nor in D. The I.H. applies to both these subformulae; thus C[p — B] = C and D[p := B] = D, and we are done by 1.3.15, case 4. • 1.4

P R O O F S AND T H E O R E M S

We are ready to develop a calculus that we may use to write down theorems. We will learn to "calculate theorems" just as we have learned to "calculate" ( = "parse") formulae. Boolean logic is a (crude) vehicle through which we formulate and establish mathematical truth. This truth is captured absolutely (tautologies) or relatively to certain premises (tautological implications). Thus, when we do Boolean logic, our main task is to discover and verify tautologies, and more generally, to discover and verify tautological implications. We have already remarked that the presently known mechanical ways to check for tautology status as well as to verify tautological implications are hopelessly inefficient, and that there is every indication that an efficient tautology (or tautological implication) checker will never be discovered. One turns to utilizing human ingenuity and experience—in other words, utilizing (educated) guessing—toward effecting serious shortcuts in the process of certifying tautologies and tautological implications. This guessing (or "nondeterministic") we prove. All else that we prove are just propositions (or lemmata—singular: lemma) if they have just "auxiliary status", just like FORTRAN subroutines; or they are corollaries, if they follow trivially—more or less—from earlier results.

38

THE BEGINNING

process of certifying tautologies and tautological implications is syntactic rather than truth table driven (semantic) and is called theorem proving. The theorems that we will learn to prove with this new syntactic technique will be either absolute truths (tautologies) or truths that are relative (conclusions of tautological implications) to certain assumptions that we have accepted. Our major concern as we are founding this syntactic proof calculus will be to ensure that whatever tools we utilize are capable of certifying all absolute and relative truths, and only those. That is, these tools will never "certify" a falsehood as a "theorem". Our degree of success in implementing these requirements will be assessed later (Section 3.1 will assess the promise for only those, while 3.2 will assess the one for all). As I said before, I kind of like the terms calculate theorems and theorem calculus as they remind us that proving theorems is a precise syntactic (synonym for formal, i.e., depending only on form) algorithmic process. This observation is the origin of the alternative name of equational logic of [11]: calculational logic. However, most logicians and mathematicians would proclaim that they "proved" (rather than "calculated") a theorem and would rather call a theorem-calculation a proof. 41

First off, a theorem-calculation or proof h a finite sequence of formulae, entirely analogous to formula-calculations. Each formula occurring in a proof will be called a theorem. The specifications of formula-calculations are the following two: (1) A formula-calculation must start with the simplest possible kind of formula: one that is "primitive", i.e., atomic. (2) Every operation that extends the formula-calculation must preserve the property "formula": either it is the trivial operation of writing down an atomic formula, or it is an operation that acts on previously written formulae and produces a formula. Entirely analogously, as it flows from the preceding discussion in this section, the specifications of theorem-calculations are the following two: (1') A theorem calculation must start with the writing down of a formula that is among the simplest possible theorems—a "primitive theorem" for which the validation process is simply to write it down! We call such a formula an axiom. (2') Every operation that extends the theorem-calculation must preserve the property "theorem"; thus, it is either the trivial act of writing down another axiom, or it is applied to already-written theorems, resulting into a new theorem. Since a theorem calculation must certify truth, these nontrivial operations, or rules, must preserve truth. Technically, whenever they are applied to formulae A\,...,A and yield a formula β as a result, it is necessary that they obey A\,... ,A (= „, Β. n

n

ω

We have two types of axioms: The logical axioms are certain well-chosen absolute truths; therefore, they are certain tautologies. The other type we will call special axioms, but also assumptions or hypotheses. These are not fixed outright, but 42

•"Later there will be a weakening of this somewhat dogmatic statement. The qualifier well-chosen will be revisited later. 42

PROOFS AND THEOREMS

39

may change from discussion to discussion. They are not deliberately chosen to be absolute truths, but are formulae that we "accept as true" (cf. discussion on relativity on p. 34) simply because we are interested to explore what sort of (tautological) conclusions we may draw from them. In intuitive terms—since the quest for theorems is the quest for "mathematical truths", absolute or relative—the axioms are our initial truths. Our rules of reasoning will allow us to derive further truths from, and relative to, the axioms. The nontrivial operations that lengthen proofs (cf. (2') above) are called rules of inference. To achieve the purely syntactic character of proofs, the rules of inference are applied in a manner that the input/output relation is purely syntactic. For example, one of the two primitive rules, soon to be introduced, applies to any formulae of the forms A and A = Β and "outputs" B. The rule does not care about which specific formulae A or Β stand for, nor about the semantics of any of A,B,A = B. The only thing that the rule cares about is that it "sees" as input an equivalence on one hand, and the first formula of this equivalence on the other. It immediately "knows" that it must "output" the second formula of the equivalence. 43

44

45

In order to describe the rules of inference, we need formula schemata (or, simply, schemata). A schema is a string in the metatheory (i.e., outside logic) over the augmented alphabet that along with V (p. 9) includes the symbols "[", ":=", and "]", and all the syntactic variables for formulae and Boolean variables. The syntactic structure of a schema is, by definition, such that if we replace all the syntactic variables that occur in it by any specific formulae and variables, as appropriate, then the result names a formula of WFF. 46

1.4.1 Definition. (Schema Instance) An instance of a schema is the formula we obtain if we replace all its metavariables with specific objects (formulae/Boolean variables) as appropriate. • Here are some examples of schemata: (1) A: It is a formula-metavariable; if we replace the letter "A" by some formula, well, we get that formula as the result! (2) (A = B): This schema has two formula-metavariables, A and B. Whatever formulae we may replace A and Β with, we get a formula by 1.1.7. (3) A[p := B): This schema has two formula-metavariables, A and B, and a Boolean metavariable, p. Whatever formulae we replace A and Β with, and whichever Boolean variable replaces p, we get a formula by 1.3.16. For this reason, I suppose, some people call them temporary assumptions. However, temporaryh not a technical term. For example, Euclid's 5th postulate has no expiry date. Yet it is not an absolute truth. ^The qualification chosen is picked purposely: I do not want to rule out as special axioms any that, either by accident or on purpose, have been chosen to be tautologies. Analogously, when we defined the notation Σ Haut A, quite correctly we did not forbid the case where some formulae of Σ may be tautologies. W e will encounter many derived rules. These are not "given" or postulated up front, but we prove their validity. ^Schema, plural schemata (and, incorrectly but often, schemas), is Greek for form and figure. 43

45

THE BEGINNING

40

We often write the rules of inference as "fractions", like Pi,P2,...,P

n

(R)

Q

where all of P\,... ,P ,Q are formula schemata. We call the "numerator" the premise (case η = 1) or premises (case η > 1) and the "denominator" the conclusion or result of the rule. Instead of premises we also say hypotheses or assumptions. The Pi and Q are syntactically related so that one can mechanically check this input/output relation by simply looking at the form of the Pi and Q. We have already noted an example of this mechanical applicability of a rule such as Α, Α Ξ Β Β The input/output relation of a rule need not be "functional"; that is, the result of a rule need not be uniquely determined by the hypotheses (cf. Leibniz rule below). n

It is obvious why a rule is expressed in terms of schemata rather than specific formulae. Schemata allow a rule to be applicable to infinitely many formulae. If conclusion and premises were specific formulae, then there would be just one case where the rule would be applicable, which would hardly qualify it to be called a rule, a term that creates the expectation of applicability to a vast number of cases. Here is an analogy: The input/output relation on numbers "in:3 / out:9" is not a rule, but "in:a; / out:x " is. 2

How a rule like (R) above is applied will be clear in Definition 1.4.5. Let us finally introduce the two primitive rules of Boolean logic that we will adopt in this volume. 1.4.2 Definition. (Rules of Inference) The following two are our primitive or primary rules of inference, given with the help of the syntactic variables A, B, p, C: Infl

Β C[p := A] = C[p := B]

(Leibniz)

Inf2 A,A = B Β

(Equanimity)

An instance of a rule of inference is obtained by replacing all the letters A, B, C and ρ by specific formulae and a specific variable respectively. • The rule names conform to those in [17]. 1.4.3 Remark. (1) Why primary! Do we also have "secondary rules"? Yes. We will soon learn that we can apply additional rules in a theorem-calculation, which are not mentioned in the definition of proof below (1.4.5) because they are not theoretically

PROOFS AND THEOREMS

41

necessary toward defining proof and theorem. Such additional rules are not to be arbitrarily added to our toolbox without question. Instead, we will show before adding them, via a rigorous mathematical argument, that we are allowed to use them. This "allowed" means that there is nothing we can prove using these additional rules that we cannot prove without them. We call such additional rules derived rules, or secondary rules. Compare, once again, with programming languages. Some general-purpose procedural languages were designed not to contain the instruction goto because it was considered "harmful" by some influential computer scientists in the 1970s (cf. [10], which, arguably, started it all)—but not by all (cf. [28]). Nevertheless, one can prove that goto can be simulated by the originally given instructions. It is a "derived" kind of instruction in those goto-less languages. Harmful or not, one will agree that adding one more tool does add to convenience, in general. (2) Other than the "restriction" that the A, B, C and ρ are metavariables of the agreed-upon kind, there is no other restriction on the letters. In particular, we have no assumption on whether ρ actually occurs in C of the Leibniz rule. Either way, it is all right. (3) We have already discussed the mechanical nature of Inf2. That also Infl is mechanically applicable is clear: Once we have written "A = B", we can pick any formula C whatsoever and any variable ρ and construct the output, first effecting two substitutions and then connecting the results with the connective " = " in the indicated order. Note that the Leibniz rule is not functional: Infinitely many different outputs are possible for a given input A = B. • We now turn to our choice of axioms. Schemata; again. We noted already that the axioms will be "initial truths", and as such they will be selected tautologies. Suppose then, for the sake of discussion, that one of the tautologies of choice to attain axiom status is ρ Ξ p. But how about q = ql Or how about ρ V p' = ρ V p' and, indeed, how about (p V p' Ξ ρ V ρ') = (ρ V ρ' Ξ ρ V ρ')? AH these have the same form, namely A = A, where A stands for an arbitrary formula. Naturally, if we want to include ρ = ρ, then we will want to include all those tautologies that have the same "shape", A = A, as well, since surely they all state the same (absolute) principle: "Every statement is equivalent to itself." If this is a "truth" worth postulating, then it would be absurd to do so just for one of its special cases, just for the variable p. There are two main ways to achieve this generality: (1) The "modern" and rather obvious way: Rather than saying, "include ρ Ξ ρ and q = q and ρ V ρ' Ξ ρ V p' and (ρ V ρ' Ξ ρ V ρ') Ξ (ρ V ρ' Ξ ρ V ρ') and ...", we say, "include the schema A = A' This means include all instances of A = A (cf. 1.4.1). 1

42

THE BEGINNING

(2) The "old" way: "Include just ρ = ρ; however, add a new primary rule of inference called substitution." This rule

Α ^ Β ]

when applied to the formula "p = p" (that is, take A to be ρ Ξ ρ and ρ to be p) will be able to generate, by successive applications, all possible tautologies of the form B =

B.

There is a catch: Once you add rule (Sub) as a primary rule, you have to awkwardly hedge when writing proofs. The rule cannot be used in a theorem-calculation unless you know that the variable ρ does not occur in any formulae that are special axioms. This restriction in turn makes a very useful tool that we will soon obtain and learn to use—the deduction theorem—hard to state and even harder to apply. Thus, the old way is rightfully abandoned. In particular, we will not have any use for (Sub). 41

We next present the list of logical axioms for Boolean logic. The list is infinite, but because of the use of schemata it can be presented by a finite table. That is, there are only finitely many different forms of tautologies that we need to take as our starting point. These are largely the ones in [17] with a few adjustments. What the axioms do is to codify the most basic properties of the connectives. The following list both presents (in partially parenthesized notation ) and names the axioms. 48

1.4.4 Definition. (Logical Axioms of Boolean Logic) In what follows, A,B, C denote arbitrary formulae: Properties of= Associativity of Ξ Symmetry of Ξ

((A = B) = C) = (Α Ξ (Β = C ) )

(1)

(A = B) = (B = A )

(2)

Properties of J_, Τ Τ

vs.

_L

Τ Ξ Ι Ξ Ι

(3)

Properties of -> Introduction of -•

->A = A = _L

(4)

Properties of\l The current edition of [17] uses the old approach in Boolean logic (their Chapter 3) but switches to the modern approach for predicate logic (Chapters 8 and 9). One may assume that by the time the authors decided that the approach with schemata is better it was too late in terms of publication deadlines to rewrite Chapter 3 with schemata. •"•Recall that brackets associate from right to left.

47

PROOFS AND THEOREMS

Associativity of V

[A

Symmetry of V Idempotency of V Distributivity of V Over =

V

Β)

C = A

V

[Β

V

C)

(5)

Ay B = BV A

(6)

AV A = A

(7)

A\J{B

Excluded Middle

V

43

= C) = AVB

= A\JC

A V -Ά

(8) (9)

Properties of A Golden Rule

AAB

=A=B=AVΒ

(10)

Properties of —> Implication

A^> B = Av B = B

(11)

We will reserve the capital Greek letter "lambda", Λ, to denote the set of all logical axioms. This set is, of course, infinite. • The axioms of Λ, here, however, formulated in their schemata edition, are those that are customary in the "equational" (or "calculational") approach to doing logic, as presented, e.g., in [17] and [32], but with some minor differences—besides the essential one that [17] does not use schemata. For example, [17] uses Τ = A = A instead of (3). Moreover, our choice for (4) is natural, and hence easy to remember: It intuitively says "negating A is tantamount to saying that it is false" {A = _L). But [17] adopts instead a different axiom that eventually implies our (4): I quote it, but in schema form, "->(A = Β) = -Λ = B". This being intuitively less clear is also less memorable than the rest. We are ready to calculate! (Compare with Definition 1.1.3 and Remark 1.1.6(2).) 1.4.5 Definition. (Theorem-Calculations—or Proofs) Let Γ be an arbitrary, given set of formulae. A theorem-calculation (or proof) from Γ is any finite (ordered) sequence of formulae that we may write respecting the following two requirements: In any stage we may write down Prl Any member of Λ or Γ Pr2 Any formula that appears in the denominator of an instance of a rule Infl-Inf2 as long as all the formulae in the numerator of the same instance of the (same) rule have already been written down at an earlier stage We may call a proof from Γ by the alternative name Γ-proof.

•

1.4.6 Remark. (1) By definition, a Γ-proof is a purely form-manipulation construction without any reference to semantic concepts, such as t, f, etc. (2) We will call Γ the set of special axioms (Λ contains the "general" axioms). Special axioms are also called hypotheses or assumptions. Clearly, while Λ is reserved and "frozen" in the first part of this book, Γ can vary from subject to subject.

44

THE BEGINNING

(3) Any member of Γ that is not also in Λ we will call a nonlogical axiom. (4) Since any theorem-calculation from some Γ is a finite sequence of formulae, only a finite part of Γ and Λ may appear in such a calculation. This is entirely analogous with what happens in a formula-calculation: Each uses only a finite number of formal variables even though we have an infinite supply of those. • 49

1.4.7 Definition. (Theorems) Any formula A that appears in a Γ-proof is called a Γ-theorem. We write Γ I- A to indicate this. If Γ is empty (Γ = 0)—i.e., we have no special assumptions—then we simply write h A and call A just "a theorem". Caution! We may also do this out of laziness and call a Γ-theorem just "a theorem" if the context makes clear which Γ φ 0 we have in mind. We say that A is an absolute, or logical theorem whenever Γ is empty. • (1) Clearly, the symbol "h" of the metatheory formulates the predicate "is a theorem". (2) Definition 1.4.7 says that a formula is a theorem on one and only one condition: It occurs in some Γ-proof. We say that such a proof proves A from Γ, or from the hypotheses (of)T. In the common parlance of mathematics we may also say that "Γ derives A". (3) Note how in the symbol "h A" we take Λ for granted and do not mention it to the left of h 1.4.8 Remark. Thus, a Γ-proof of a formula A is a sequence of formulae B\,...,

B , A, C\,..., n

C

m

obeying the requirements stated in 1.4.5. It is trivial that if we discard the "tail" part " C i , . . . , C " of the sequence, then m

B ...,B ,A u

n

(1)

is still a proof. The reason is that every formula in a proof is either legitimized outright—without reference to any other formulae—or is legitimized by reference to formulae to its left. Thus (1) also proves A, since A occurs in it. This technicality allows us to stop a proof as soon as we write down the formula that we wanted to prove. • So, 1.4.7 tells us what kind of theorems we have: 1. Anything in Λ U Γ .

50

2. For any formula C and variable p, the formula C[p := A] = C[p := B], provided A = Β was written down already, and therefore is a (Γ-) theorem. 49

,n

That is, it does not speak about logic itself; logic does not need this axiom in order to function properly. We explained the notation "Λ U Γ" in 1.3.14 on p. 36, item (3).

PROOFS AND THEOREMS

45

3. Β (any B), provided A = Β and A were written down already and therefore are both (Γ-) theorems. Hey! The above is a recursive definition of (Γ-) theorems, and is worth recording (compare with Definition 1.1.7). 1.4.9 Definition. (Theorems, Inductively) A formula £ is a Γ-theorem iff Ε fulfills one ofThl-Th3 below: Thl £ i s i n A u r . Th2 For some formula C and variable ρ, Ε is C[p := A] = C [ p := B], and (we know that) A = Β is a (Γ-) theorem. Th3 (We know that) A = Ε and A are (Γ-) theorems.

•

1.4.10 Remark. (Theorem vs. Metatheorem) In the expression Γ h A, "A" is the theorem, not "Γ I- A". After all, a theorem by definition has to be a single formula that appears somewhere in some proof (1.4.7). So what is "Γ h A" then? It is a weiatheorem. It is a statement that we are making about our logic, about what the logic can do, if we take all the formulae in Γ as assumptions. It says, "there is a proof, which from assumptions Γ proves A." But how does one establish the validity of such a meta-result as quoted immediately above? By proving within Boolean logic—according to Definition 1.4.5, that is— the theorem A using assumptions Γ. This action does two things at once: It proves A (from Γ) and it also metaproves the statement ΓI- A. Nevertheless, people are mostly shy of such distinctions and it has become acceptable practice to say (by abuse of language) things like "I proved Γ I- A " all the time. See also the start-up comment in the next chapter. • 1.4.11 Exercise. So that you can check your understanding of the concepts proof and theorem, show (i.e., present proofs) that (1) A V- A, for any A. (2) A more general form of (1): If A is a member of Σ—also written "A € Σ"— then Σl· A. (3) h B, for any axiom B. • 1.4.12 Remark. (Hilbert Proofs) A Γ-proof is also called a Hilbert proof after the name of the great mathematician David Hilbert, who essentially was the first serious proponent of the idea to use logic to do mathematics. Hilbert also helped to found modern logic in an axiomatic and rigorous setting, and defined the concept of proof, essentially as above. 51

"There are some inessential differences. Hilbert used a different set of logical axioms, and a single rule of inference.

46

THE BEGINNING

In practice we write a Hubert proof vertically on the page, i.e., one formula on top of the other, numbering every formula. It is imperative that we provide annotations to explain what we are doing at every step and why. The numbering assists us in referring to previous formulae. All proofs, whether they are in the Hubert style or in the equational style (the latter style will be introduced shortly), must be annotated. • 1.4.13 Example. (Some Very Simple Annotated Hubert Proofs) (a) We will verify that "A, A = BVB" for any formulae A and B. Thus we need to write a formal proof of Β using A and A = Β as hypotheses (cf. 1.4.10). The part "for any formulae A and B" makes this result applicable to infinitely many instances, one for each specific choice of A and B. It is therefore a metatheorem schema. We could have said instead, "prove the schema Α, Α Ξ Β h B", a formulation where the part "for any formulae A and B" is redundant. The same comment applies to any theorems (and metatheorems) that we will prove where we have letters to stand for arbitrary formulae. Let us establish (a) now. Make sure you memorize the style! This is how you will write your own Hubert proofs. Every line must be numbered and annotated!

(1) (2) (3)

A

(hypothesis)

A = Β (hypothesis) Β

((1) and (2) and Equanimity)

Worth stating. It is clear from Definition 1.4.5 that assumptions can be scrambled. So we have also established Α Ξ Β, A h Β by the very same proof. Can we also swap A and Β in Α Ξ B? It turns out that we can. But the above proof does not address this question: after all, Β Ξ A is never mentioned. It is a fatal error to say, "but is not ' = ' symmetric? I can see that it is so from the truth table of p. 29." No; you see, we have not connected our syntactic proofs with semantics yet. Until such time, the only things that we may assume that we can do must directly follow from 1.4.5 in connection with our axioms and rules of inference. (b) We next (meta)prove Α Ξ Β h C[p := Α] Ξ C[p := B].

(1) (2)

(hypothesis)

A = B C[p := A] = C[p

B\ ((1) and Leibniz)

Hmm. Is there a pattern here? Indeed there is! Any rule like (R) of p. 40 leads to the statement of provability Pi,

Pi,

,Pn^Q

as the proof PuPi

•,Pn,Q

PROOFS AND THEOREMS

47

establishes. This once we have written a Hilbert proof horizontally and without annotation, in order to expedite the obvious. That this is a {Pi, P 2 , · • · , P }-proof of Q is clear: Referring to Definition 1.4.5 we see that writing Pi, P2,..., P (indeed doing so in any order if we wish) is legitimate by Prl. Then following this by writing Q is also legitimate by an application of rule (R) on the previously written formulae. n

n

This is why in some of the literature (e.g., [43]) rules of inference are written as in (R ) above rather than in "fraction form". Tradition has it that derived rules of inference are always written in the style (R ). After all, such a rule is a (meta)provable principle and says that from certain assumptions we can prove a certain conclusion. 1

1

(c) We (meta) prove a derived rule of inference, called transitivity. It is A = B,B = C\- A = C

(Transitivity)

Here it goes: (1)

A = Β

(hypothesis)

(2)

Β = C

(hypothesis)

(3)

(A = Β) = (Α Ξ C) ((2) and Leibniz, denom. "A = p " where ρ is fresh)

(4)

A= C

((1) and (3) and equanimity)

What's this about "fresh"? This means that ρ does not occur in any of A, B, C. Actually, all I need here is that it just does not occur in A, but it takes less space to say it is fresh in the annotation, so I can fit it in one line! I want ρ not to occur in A so that when I do "(A = p)[p := B] = (A = p)[p := C\" I am guaranteed that I get line (3). If ρ does occur in A then the substitutions will change A and I will not get line (3)! See also 1.3.17. Pause. But what if I cannot find a fresh p? Actually, I always can, since I have an infinite supply of variables, while only finitely many appear in A, B, C. (d) We next prove the theorem (schema) A = A. Note that I mentioned no assumptions. This is an absolute result. Another way to say this is "metaprove I- Α Ξ A", or if you hate to say "meta", say instead, "establish that h A = A" or "show that h A = A". (1)

A V A = A (axiom)

(2)

A = A

((l)andLeib: A[p := Av A] = A[p := A] where ρ is fresh)

A few remarks: (i) We may use any logical axiom of the form " . . . = · · · " in place of A V Α Ξ A in the above proof. By the way, this is our first proof where we used a logical axiom. (ii) For logical axioms our annotation will just be "axiom". For special axioms, our annotation will always be "assumption" or "hypothesis".

THE BEGINNING

48

(iii) We do not need to name the axioms (idempotent, etc.) in our annotations, and certainly I do not want you to memorize their numbers in the list! (What if I scramble the list?!) But we must be truthful. Writing, say, "A = B" and annotating "axiom" will not get us anywhere. (iv) Rules must be named, and we must annotate how they are applied! In what follows we will make a habit of abbreviating rule names. For example, "Leibniz" will be Leib and "Equanimity" will be Eqn. Transitivity will be Trans. In the next chapter we systematically prove several theorems (in almost all cases schemata) and metafheorems to enrich our toolbox and enhance our familiarity with the methodology. We also introduce the equational style of proof. •

1.5

ADDITIONAL E X E R C I S E S

1. Which of the following are Boolean formulae? Why? (Do not use any general principles; just try to give a good reason based on the definition of formulacalculation (1.1.3)). •

ρ

• (Ρ)

• Τ • V • P-*( A V £?)". Prove that every formula is tautologically equivalent to one that contains no constants (±, T) and moreover, the only connective in it is J.. 20. Let us introduce a new Boolean connective Τ by "A | Β means ->(ΑΛ Β)". Prove that every formula is tautologically equivalent to one that contains no constants (_L, T) and moreover, the only connective in it is T-

CHAPTER 2

THEOREMS AND METATHEOREMS

2.1

MORE HILBERT-STYLE PROOFS

Before we begin. A word on the use of the headings "theorem" and "metatheorem". In what follows we will prove several theorems and a few metatheorems. Some of the theorems will be absolute (no assumptions beyond logical axioms used) and some will be relative. These will be tersely stated with headings like "theorem" and the text of the result will have the format "h A" or "Γ h A" respectively. The theorem in each case, announced by the heading "theorem", is just "A" (cf. the discussion in Remark 1.4.10); thus the heading is purposely abusing terminology—but this conforms with normal practice. On occasion we will establish statements of the form "if Γ h A, then also Σ h £?". This type of result will be a metatheorem that will appear with such a heading.

2.1.1 Metatheorem. (Hypothesis Strengthening) If Γ h A and Γ C Δ, then also Ah A. Note. Γ C Δ means that every formula of Γ also occurs inside Δ. Mathematical Logic. By George Tourlakis Copyright © 2008 John Wiley & Sons, Inc.

51

THEOREMS AND METATHEOREMS

52

Proof. Any Γ-proof of A is also a Δ-proof, for whenever the legitimacy of writing down a formula Β in the proof is by virtue of Β being in Γ, then this precise step would also be legitimate if we were composing a Δ-proof, since Β is also Δ. The other two legitimate reasons for writing a formula down are independent of our choice of assumptions (cf. 1.4.5). • 2.1.2 Remark. In particular, if h A, then also Γ h A for any set of formulae Γ. This is because 0 C Γ vacuously. • 52

2.1.3 Exercise. Prove the content of the above remark not as a corollary of 2.1.1 but directly from 1.4.7 or 1.4.9. • 2.1.4 Metatheorem. (Transitivity off-) Suppose that we have Γ h B\, Γ h B , Γ h B . Suppose, moreover, that we also have B\,..., B h A. Then Γ h A. 2

n

n

Proof. By assumption we have Γ-proofs (cf. 1.4.8) (1) ,B

(2)

2

(n) We also have a B j , . . . , B -proof n

(n+1)

•,A

We now concatenate all proofs (l)-(n) (in any order will be fine) and append to the end of the result proof (n + 1) to form the sequence • · ·, B\ ...,B

2

,...,

. · ·, Bi

·> ·

·

• Ϊ

..., B

n

, ...,A

(*)

In (*) every formula C satisfies either Case 1 or Case 2: Casel: Is in a sequence among (l)-(n). Thus C is either written outright (because it is in Γ U Λ) or because it follows from a previous formula, via Eqn or Leib. This "previous" consideration is localized in the sequence ((i), i = 1 , . . . , n) where the formula belongs. Case2: Is in the sequence (n + 1). Thus C is either written outright (because it is in Λ or is one of the Bj) or because it follows from a previous formula, I trust that you cannot think of any member of 0 that is not in Γ. "The boxes are inserted to improve readability.

52

MORE HILBERT-STYLE PROOFS

53

localized in the sequence (n + 1), via Eqn or Leib. We would like to say that (*) is a Γ-proof and rest the case. The only part above, while checking the sequence for legitimacy, that may bother us momentarily is the underlined part in Case 2 above: Writing Bi outright is fine for a B\,..., B -proof but may not be for a Γ-proof since we have no guarantee that Bj is in Γ. n

No problem: Any Bi that is written down in the . . . , A\ (last) segment of the sequence {*) is legitimate in the Γ-proof context. Indeed, it was already legitimized as the last formula of the . . . , Bi\ segment. So (*) is a Γ-proof, and thus A is a Γ-theorem. • 2.1.5 Remark. The above metatheorem makes derived rules of inference usable. While primary rules, by definition (1.4.5), are applicable to any formulae that appear in a proof, it was not a priori clear that this applies to derived rules such as "A = B,B = C \- A = C". Now it is. Any proof that looks like . . . , A = Β, . . . , Β ΞΞ

C, . . .

...,B

B,...

or like = C,...,A

=

can be, if it fits our purposes, continued as ...,A

= B,...,B

= C,...,A

= C

...,B

= C,...,A

= B,...,A

= C

or

respectively.

•

Metatheorem 2.1.4 has a very important corollary: 2.1.6 Corollary. If Γ U {A} h Β and also Γ h A, then Γ h B. The notation Γ U {A} was introduced in 1.3.14(3). A shorter form of it often used in writings in logic is "Γ + A". Proof. The proof of Β from Γ U {A} utilizes, besides A, only a finite number of formulae from Γ—because every proof has a finite number of steps, so it can use only finitely many formulae. Say the formulae used from Γ are C i i C-i,

C$,...,C

n

Thus the proof of Β is from {Ci,C ,C ,... 2

,C , A], that is,

3

n

C C ,C ,...,C ,AhB u

2

3

(1)

n

Since for any D in Γ we have Γ h D (cf. 1.4.11), it follows that rhC

1 )

ri-C ,rhC a

3 )

... rhC )

n

(2)

THEOREMS AND METATHEOREMS

54

Statements (1), (2), and the given Γ h A jointly satisfy the hypotheses of 2.1.4. Thus we have at once that Γ h B. • 2.1.7 Corollary. / / Γ U {A} h Β and also h A, then Γ h B. Proof. By 2.1.1, the hypothesis h A can be replaced by Γ h A Corollary 2.1.6 concludes the argument. • Corollary 2.1.6 essentially says that in a proof (from Γ) we are allowed to write down, not only (1 )-(3), that is, (1) any axiom, (2) any member of Γ, (3) any result of an inference rule applied to already-written-down formulae, but also we may write down (4) any Γ-theorem (like A above). In other words, the corollary justifies the legitimacy of quoting or using in proofs already-proved theorems without having to prove them all over again every time we need to use them! 2.1.8 Exercise. Show that Γ U {A} h Β and also Δ h A, then Γ U Δ h B.

•

All the preceding metatheorems in this section, and the exercise above, are independent of the choice of logical axioms and rules of inference as is clear from their proofs. We next turn to theorems and metatheorems relating to " Ξ " . 2.1.9 Theorem, h (A = (Β Ξ C)) = {(A =

B)=C)

Note. This is the mirror image of axiom schema (1). Proof. (1)

{(A = B) = C) = {A={B

(2)

({{A = B) = C)^(A=(B^

= C))

(axiom)

C)))

= ((A = {B = C)) = {{A = B) = C)) (axiom) (3)

[A={B

= C)) = {{A = B) = C)

((1,2) + Eqn)

•

2.1.10 Remark. The above theorem/axiom (1) pair allows us to insert brackets in any way we please in a chain of Ξ signs, or not insert them at all, since it does not matter one way or another. 54

If you believed, as you should, what I have just said above, then you may skip this part. Strictly speaking, the pair of 2.1.9 and axiom (1) deal with a chain of two = signs. The general case can be dealt with by (strong) induction on the length (i.e., ^Recall that "Α Ξ Β Ξ C" is the least-parenthesized notation for "(A to 1.1.11.

= (B = C))" according

MORE HILBERT-STYLE PROOFS

55

number of Ai) in the chain. The basis (n = 3) being settled as noted, we turn to the case of η > 3, where we want to show that h A = A = ••• = A Ξ ^AuA2,...,Anj x

2

(0)

n

The notation "(A , A ,..., A )" indicates, solely for the purposes of the exposition here, an =-chain of Ai in the order given, where brackets (other than the indicated outermost pair) are arbitrarily placed (we do not care how). Of course, the left-hand side implies that brackets are present and inserted from right to left (cf. 1.1.11). We have two cases pertaining to the right-hand side of (0), and these depend on where the last = was inserted (last in a formula-calculation of (Ai, A?,A ), that is): x

2

n

n

Case l :

55

The right-hand side of (0) is (omitting outermost brackets) A\ = D

where D denotes the Ξ-chain (A ,...,

A ).

2

n

(1)

By the I.H.

hA = •••= A = D 2

(2)

n

By 1.4.9, using the above in an application of Leibniz with "denominator" Αχ = ρ (ρ fresh) I obtain

h [A, = (A

Ξ

2

• · ·

= A ))

= [A, = D)

n

which, by right associativity of =, is (0). Case 2 :

56

The right-hand side of (0) is (omitting outermost brackets) (A ...,A )=E u

where k > 1 and Ε denotes (A i,..., A ). cases, Ε is nonempty, i.e., k < n. By the I.H. k+

Η

A

(3)

k

n

By the comment that led to the two Ay

= (A = • • • = A ) = (A ,...,

l

2

k

(4)

k

x

By 1.4.9, an application of Leibniz with "denominator" ρ = Ε (ρ fresh) yields from ("numerator") (4): h ([A

x

= (A, = --- = A )) = E) = ((A k

u

...,A ) k

= E)

(5)

By Theorem 2.1.9, I-

(A, = ((A = -.. = A ) = E)) = ((A, = (A 2

k

The last inserted = is the leftmost. The last inserted = is not the leftmost. Same as "I- A\ = • • • = A = (A\,..., only for emphasis; cf. 1.1.11.

2

Ξ

· · · =

A )) = k

E)

(6)

55

56

57

k

A )". k

The brackets around Ai = • · · = A

k

are inserted

56

THEOREMS AND METATHEOREMS

Remembering 2.1.5, and using 1.4.9 with an application of the derived rule (Trans) (p. 47), (5) and (6) yield r- (A = ((A = --- = A ) = E)) = ((A x

2

u

K

...,A )=E)

(7)

k

By Case 1, h Αι Ξ • · · = A • • · Ξ A -! =A = k

n

n

(Ar = {{·•• = A ) = • £ ) ) k

(8)

thus, by an application of 1.4.9 and (Trans) on (7) and (8), we get (0). Thus, in a chain of any number of = signs, we insert brackets merely to visually suggest what we have in mind, but for no other reason, as they have been shown to be redundant. • 2.1.11 Theorem. (The Other Equanimity) B,A = BV A Proof. (1)

Β

(hypothesis) (hypothesis)

(2)

A= Β

(3)

(Α Ξ Β) Ξ (Β Ξ A) (axiom)

(4)

Β = Α

((2, 3) + Eqn)

(5)

Α

((1,4) +Eqn)

•

The original primary "Eqn" says that if I assume an equivalence and the left formula of the equivalence, then I can conclude the right. This derived rule says that if I assume an equivalence and the right formula of the equivalence, then I can conclude the left. In all that follows we will call "Eqn " either the primary (Inf2) or the derived one without notice. 2.1.12 Theorem. 1- A = A Proof. We have already proved this schema in 1.4.13. We have stated it here again because it is important. • 2.1.13 Exercise. We proved the above using Leib and the trick that A[p := B] expands to A if ρ does not occur in A. This time, prove the result without the trick, but be careful not to introduce any circularities in your proof! • 2.1.14 Corollary, h ± = _L Proof. This is a specific instance of the theorem schema above. It is one of our very few examples of "theorems" as opposed to (the majority that are) "theorem schemata". •

MORE HILBERT-STYLE PROOFS

57

2.1.15 Corollary, l· Τ Proof. (1)

T = l = l (axiom)

(2)

±~±

(absolute theorem, cf. 2.1.6)

(3)

Τ

((1) and (2) and Eqn)

•

Worth Repeating: (Γ-) theorems can be inserted in any (Γ-) proof just like axioms are. This is due to Corollary 2.1.6 and has been employed above. In the above case Γ = 0. 2.1.16 Theorem. (Eqn + Leib Merged) C\p := A], A = Β I- C*[p := B] Proof C[p := A]

(hypothesis)

(2)

A= Β

(hypothesis)

(3)

C[p := A] = C[p := B] ((2) + Leib)

(4)

C[p:=B]

(1)

((1,3) +Eqn)

•

In our annotations we will call the above derived rule, whenever used, "Eqn/Leib" or "Leib/Eqn". 2.1.17 Remark. (Equivalent Logics) A Boolean logic is determined by its language, its logical axioms and its rules of inference. Fixing the language, two different choices of the remaining tools lead to two "different logics" as we say. These are equivalent if and only if they have exactly the same theorems. That is, one can do with the first set of tools precisely what one can do with the second. Compare with programming languages: There is a theorem (one can encounter this theorem in a variety of courses, including possibly data structures, or theory of computation) that the pair of instructions "if . . . then . . . else . . . " and "goto . . . " have exactly the same power as the pair "if... then . . . else . . . " and "while . . . do . . . " . That is, whatever one can do (i.e., program) using one, one can do using the other. How does one prove such results? By simulation. One proves that each set can simulate or "implement" the other. Back to logic, we just saw that Eqn and Leib can simulate "Eqn/Leib", so whatever we can do (i.e., prove) using the Eqn/Leib we can also prove using Eqn and Leib—i.e., our original logic. It turns out that, conversely, Eqn/Leib can simulate each of Eqn and Leib. Thus if we were to make an about face and drop Infl and Inf2 and adopt instead Eqn/Leib as our only primary rule, keeping the same logical axioms, we would get precisely the same theorems in the new logic as in our current logic. The new logic would be equivalent to the original ([32] uses Eqn/Leib as primary).

58

THEOREMS AND METATHEOREMS

While we will not do that, and will continue as planned with Infl and Inf2 as the primary rules—where Eqn/Leib is just a derived rule—it is nevertheless instructive to see the truth of my claim. (I) Simulation of Eqn by Eqn/Leib: (1)

A

(2)

A = Β (hypothesis)

(3)

Β

(hypothesis) ((1, 2) + Eqn/Leib: A is p[p := A] and Β is p[p := B}}

(II) Simulation of Leib by Eqn/Leib: Preparatory discussion: We want to (meta)prove A = Bh C[p := A] = C\p := B] using the axioms, but no rule other than Eqn/Leib. So we pick arbitrary A,B,C and p. Let us also pick a q that is not ρ and does not occur in any of A, C. Clearly, the substitution C[p := A] has the same result as C[p := q][q := A}. * That is, first change ρ into q everywhere in C and, after that, change q everywhere in the resulting formula into A. Similarly, the substitution C[p := B] has the same result as C[p := q][q := B\. 5

(1)

A = Β

(2)

C[p := A\ = C[p := q][q := A] (theorem (2.1.12); cf. discussion above)

(3)

C[p := A] = C[p := q][q := B\ ((1, 2) + Eqn/Leib)

(hypothesis)

In view of the preparatory remarks, the formula in line (3) is C[p := A] = C[p := B] as needed, and line (2) is (c[p (c[p

:= A] = C[p := q]^ [q := A] while line (3) is

•— A] = C[p := q]^ [q := B] as required for the proper application of

Eqn/Leib. By this I mean the requirement that "[p := A}" and "[ρ := B]" each apply to the same entireformula, not to some part thereof. Note that the assumption on q and A, C guarantees that q does not occur in C[p := A] and therefore C\p := A][q := A] and C[p := A][q := B] each give the same result as C\p := A}. Fatal Error! In the proof above, 2.1.12 was used to metaprove Leib (Infl), yet Leib was used to prove h Α Ξ A (cf. (d) on p. 47). So the above is an invalid (circular) proof! Not really. It is not a circular proof because 1- A = A is directly provable from Eqn/Leib and the given axioms! (I just wanted to tease you a bit.) Here's how:

1

(1)

A V A = A (axiom)

(2)

A V A = A (axiom)

(3)

A= A

(Eqn/Leib + (1,2): The "C-part" is ρ Ξ A—fresh p)

You don't believe me? Then do Exercise 2.1.18.

•

MORE HILBERT-STYLE PROOFS

59

2.1.18 Exercise. Prove by induction on the complexity of C that if q is not p , nor does it occur in C, then for any formula A, C[p := A] and C[p := q][q := A] have the same result. • We conclude the section with some simple but important results. 2.1.19 Theorem, h A = A = B = B Note. By earlier remarks that hinge on the associativity of " = " (cf. axiom (1) and Theorem 2.1.9 as well as Remark 2.1.10), the above can be read in various ways: I- (A = Α) ξ (Β = Β), h- A = (Α ξ (Β ξε Β)), l· ((A = A) = Β) ~ Β, Υ- Α = (Α =. Β) = Β, etc. In the end, one will read it in the most convenient (goal-driven) way. Proof. Brackets below are inserted for clarity so as to drive our argument: (1)

(A = Β = Β) = A

(2)

{{A = Β = Β) = A} = (A = [A = Β = β ) ) (the same axiom)

(3)

A = {A = B = B)

(axiom)

((1) + Eqn)

2.1.20 Corollary. \- L = L = Β = Β andV- A = A =

•

= A-

Proof. Directly from the previous theorem schema, the first time making A specific (namely, ±), the second time making Β specific. • Of course, there is nothing in a name, and the corollary can be reformulated as "h 1 Ξ ± = A = Α ΆηάΥ- A = A = ± = _L". 2.1.21 Corollary.(RedundantTrue) h J = A = Aandh A = A = J Proof. (1)

T = l = l

(axiom)

(2)

1 = L = A~A

(abs. theorem)

(3)

T = A= A

(Trans+ (1,2))

As for the other one, (1)

Τ ΞΑ Ξ A

(2)

( τ = A = A} = [A = A = τ) (axiom)

(3)

Α = Α = ύ'

(abs. theorem above)

(Eqn+ (1,2))

•

2.1.22 Remark. The import of "redundant true" is mostly felt in equational proofs that we will introduce in the next section. These proofs exploit the rule Leibniz in a process of "replacing equivalents by equivalents". Thus if we view our theorem schema "A = A = T" as "A = (A = T)" we see that—in terms of replacing

60

THEOREMS AND METATHEOREMS

equivalents by equivalents—A is as good as A = T. Thus in an expression such as "A = T" the part " = T" can be eliminated; it is "redundant" and its elimination simplifies the expression we are trying to prove. Conversely, it is often convenient to introduce " Ξ Τ " (or "Τ Ξ ") replacing A by A = Τ (or Τ = A). • We state two easy (but again, important) metatheorems that flow directly from "redundant true" (2.1.21): 2.1.23 Metatheorem. For any Γ and Α, Γ h A iff Γ h Α Ξ Τ. Proof. Only if. From \-A = A = TwegetT\-A^A = Tby hypothesis strengthening (2.1.1). Then, from Γ h Α, Γ h A = Α Ξ Τ, and {A, A = A = T} h A = J (Eqn) we get Γ I- A = Τ by transitivity of h (2.1.4). //: From Τ\-Α = Ύ,Τ\-Α = Α = Ύ, and {A = T,A = A = 1'}Y-A (Eqn) we get Γ I- A by transitivity of h (2.1.4). • 2.1.24 Remark. The import of 2.1.23 lies within the special case AY- A = T : Whenever we work with (special) assumptions, any such assumed formula A can be replaced via Leibniz by T. We will see applications of this remark in the next section. • 59

2.1.25 Metatheorem. For any TandA,B,ifThAandThB,

then Γ 1- A = B.

Proof From Γ h A = Τ, Γ h Τ Ξ Β, and Trans (using 2.1.4). 2.2

•

EQUATIONAL-STYLE P R O O F S

In algebra and trigonometry we often prove identities by calculating, systematically replacing equals for equals, thus—assuming the calculation started with a known identity—preserving equality at every step. For this to work, we have an initial supply of identities (our "knowledge base"). The technique may be, depending on the problem, one of the following: (1) Start with one side of " = " in " . . . = · · · " and calculate (replacing equals for equals) until you reach the other side. These "equals for equals" are among our known supply of identities. (2) Start with the entire " . . . = · · " and calculate until you reach a known identity. Then so is the original equality as it holds iff the one we reach does. (3) Start with each side separately and calculate until you reach in both cases the same formula. For example, to prove 1 + (tana:) = (sec a;) you work as follows, using as knowledge base the identities 60

2

2

cos a: Cf. 1.4.11. ''"Recall that in algebra and trigonometry an "identity" is a formula of the type " . . . = · · " that is true for all values of the variables. So, x — y = 0 is not an identity, but x - y = (x + y)(x — y) is. 59

2

2

2

2

EQUATIONAL-STYLE PROOFS

61

(ii)

sec a; = cos χ (sin a;) + (cos a:) = 1 (Pythagorean Theorem) 2

2

(iii)

Here is our calculation. Note the annotation! 1 + (tana;)

2

= (by (»)>

1 + (sin XJ cos a;)

2

= (arithmetic) (sin

a:)

+

2

(CQSJ)

(cos a;) = (by (iii))

2

2

1

'

1 (cos a;)

2

= (by («)> (sec a;) 2

We can profitably mimic the above style of proof in logic. The presence of the Leibniz rule and the preponderance of axioms that involve " Ξ " make this possible, indeed easy. In logic, the role of " = " is taken over by " Ξ " . / cannot emphasize enough that the two are entirely different symbols and we will not confuse them. So what is an equational proof? It is a proof-layout methodology. (1) What it does not do: It does not supplement, amend, or replace the concept of proof or theorem-calculation of Definition 1.4.5. Nor does it do so for the concept of (Γ-) theorem (1.4.7). Both concepts remain the same. Compare with algebra and trigonometry: The calculation (E) above does not define the concept of proof in these branches of mathematics, but it does provide a template for many nice proofs within the normal framework of mathematical proof: certainly the proof (E) is acceptable as such. Compare also with programming. Some people using, say, the procedural language Pascal may choose to adopt the structured programming methodology and in particular never to use the goto instruction. Others may opt to use goto and follow program development by flowcharts, or indeed use a mixed approach, having their pie and eating it too: Do structured programming with goto (cf. [28]). The programs written by the three groups, for the same problems, will look drastically different. However the existence of these groups and the two methodologies (along with the hybrid methodology) for writing programs does not detract from the fact that all use the very same programming language. Pascal programs have a formal, i.e., syntactic, definition of their structure that is independent of how people plan to use them.

62

THEOREMS AND METATHEOREMS

The same goes for logic. Nevertheless, quite analogously, one can dogmatically stick to the Hubert style of writing and annotating proofs (the "orthodoxy" according to Definition 1.4.5), or instead absolutely insist on writing every single proof under the sun in the equational-style. Then again, the smart user of logic will accept both styles. Such a person will judiciously choose the best tool for the task at hand each time, be it equational style or Hubert style. The more tools we allow ourselves to use, the more effective "provers" we will be. (2) What it does: In many cases it simplifies proofs by allowing a goal-driven approach toward the theorem. (3) What it is: An equational-style proof is a sequence of (Γ-) theorems of the form A\ Ξ A , A = A ,..., Α _ι = A , A = A (1) 61

2

2

3

n

η

n

n+X

Each of the individual theorems Ai = A must receive an independent, individual (Γ-) proof in order to be allowed to appear in sequence (1). i+i

By an independent, individual proof I mean that this proof is external to the sequence, in general, and is not the result of things that we wrote to the left of Ai Ξ A \ in the sequence. Sequence (1) is not a Hilbert-style proof! Exactly how, and with what layout methodology, we obtained each individual proof for the various Ai = Ai \ is totally flexible: Some or all of these may have been proved by equational-style proofs. Some or all may have been proved by Hilbert-style proofs. These individually proved results, Ai = are from our (growing) database of theorems, which we may use in a proof like (1) just like the results (i)-(iii) were part of the database of independently obtained trigonometry facts that were used in our proof (E) on p. 61. i+

+

Pause. For one last time: A theorem is a theorem is a theorem, as per 1.4.7 regardless of how, in Hilbert style or equationally, it was proved. Before we take a careful look at the layout of equational proofs, which is extremely important, let us take out of the way the "metatheory" part. So, what does a sequence of equivalences like the above do for us? The answer is provided by the following metatheorem. By the way, our relaxed terminology theorem vs. metatheorem, agreed to on p. 51, would have us label special cases like A=B,B = C,C=D\~A = D "theorems". What makes the following definitely a "metatheorem" is its dependence on n. 2.2.1 Metatheorem. Αχ = A , A Ξ A ,..., 2

6 1

2

3

A -! n

= A, A = A n

n

n+1

h A Ξ A +i t

This can lead to some ridiculously long, mathematically ugly proofs of trivial results.

n

(2)

63

EQUATIONAL PROOF LAYOUT

Proof. This is seen by repeating the (derived) rule "Trans". A rigorous proof is by induction on n: Basis. For η = 1 we want Αι = A V A\ = A , which we got by 1.4.11. Taking as I.H. the claim for η (it looks precisely as in (2) above) we establish the claim for η + 1. That is, we want: 2

Αχ = A ,A 2

2

= Α ,...,Α ^ι 3

2

Ξ A„,A

η

n

= A Ai n+u

n+

= A

n+2

h Α= λ

A (3) n+2

Here goes a proof of (3): (1) (2)

Ai = A

(hypothesis)

A

= A

3

(hypothesis)

(n)

A

= A„+i

(hypothesis)

2

2

n

(n+1)

Ai = A +i

(n + 2)

A +i = Ai = A +

((l)-(n) + I.H.)

n

A (hypothesis) n+2

n

(n + 3)

n

2

({n+ 1) + (n + 2) + Trans)

2.2.2 Corollary. In an equational proof (from assumptions Γ) such as (I) on p. 62 we have Γ h Αι Ξ Α ι. η+

Proof By 2.2.1 and 2.1.4.

•

2.2.3 Corollary. In an equational proof (from assumptions Γ) such as (I) on p. 62 we have Γ h Ai iffT h A i. n+

Proof. By the previous corollary and Eqn.

•

In practice, just as in trigonometry, if we want to prove Ai (from Γ), then an equational proof allows us to start with Ai and be done as soon as we end up with some known Γ-theorem A i, as 2.2.3 above makes clear. Of course, we do not have to start an equational proof of A with A, but we may do so if this is convenient, or makes things more intuitively clear. Corollary 2.2.2 tells us that a chain like (1) (Γ-) proves the equivalence Ai = A +i. Equational proofs tend to be very natural when it comes to proving equivalences, but as 2.2.3 makes clear, they can also be used to prove formulae other than equivalences (Ai and Α could be anything at all). n+

n

η+Χ

2.3

EQUATIONAL P R O O F LAYOUT

To emphasize the importance of layout, we devote a section to this topic. The layout is vertical, just like that of Hilbert-style proofs, but rather than writing (1) of p. 62 as

64

THEOREMS AND METATHEOREMS

A = A 2

3

(i) A -\

= A

n

A

n

=

n

A +\ n

we write it in the style of (E) on p. 61, that is, in a first approximation, A

x

= (annotation) A

2

= (annotation) ;

(«)

A -l Ξ (annotation) n

A = (annotation) n

Ai n+

Several remarks are in order: 2.3.1 Remark. (1) Going from (i) to (ii) we have economized on writing, improving readability at the same time by not repeating the "joining formulae". By joining formulae I mean, for each i, the A i that occurs to the right of " Ξ " in A = A \ and to the left of " Ξ " in the immediately following equivalence, Ai \ = A{ . Thus, (ii) implies a conjunctional use of the " = " symbol that appears in the leftmost column; that is, it is meant to say precisely what (i) says, i.e., A\ = A and A = A and A = A , etc. In other words, layout (ii) is a compact notation that depicts layout (i) and, therefore, e.g., we can then infer the theorem A\ = A i via 2.2.1. This is totally consistent with normal use of symbols such as " = " and " < " in mathematics. In (E) (p. 61) we are using " = " conjunctionally. In an algebra course, when we write the short "a < b < c" we mean the long "a < 6 and b < c". But wait a minute! "A = Β = C" does not mean "Α Ξ Β and Β = C". The symbol " Ξ " is associative according to axiom schema (1) (cf. 1.4.4, p. 42), not conjunctional. i+

t

+

i+

+2

2

2

3

3

4

n+

Pause. So it is associative. But this does not preclude it from also being conjunctional, does it? It does! We will come back to this question (cf. 3.1.6). For now, we must take it simply on faith: is not conjunctional. We get around this obstacle by inventing a new symbol—in the metatheory, of course!—to denote conjunctional equivalence. This is an informal solution just as the practice in algebra

EQUATIONAL PROOF LAYOUT

65

where "a < b < c" means "a < b and b < e" is informal. That is, I will give neither definitions nor axioms for the new symbol, which we will denote by "·ΦΦ". This is our "conjunctional = " and will appear only in equational proofs and only on their leftmost column at that. Thus, "A Β C" means only "A = Β and Β = C". Reference [ 17] uses " = " for the conjunctional "=". As we will use " = " for formal equality of non-Boolean objects in the predicate calculus part of the volume, and we are already using it in the metatheory as the "ordinary" equals—for example, between strings—we prefer not to overload this symbol further with yet a third meaning. So " A" an axiom. This kind of "abuse of nomenclature"—that expresses our unconcern for permutations of terms in a Ξ-chain—will persist and receive definitive and general justification in Remark 2.4.8. (4) Just as with Hubert-style proofs we need not specify which axiom we are using in steps annotated as "axiom". This should be obvious from the axiom's form. (5) As is often the case, the condition " p fresh" is an expedient overkill. For example, in the last occurrence of the condition above, I could have given the (longer) condition " p does not occur in £ " , and that would still work—I just wanted the substitutions to leave Β unchanged. (6) Increasingly I will be omitting the condition ρ fresh in obvious situations such as the above. • A trivial adaptation of the theorem's proof yields: 2.43 Corollary, h ->(A Ξ Β) = A = Proof. (Equational) - ( A = B) Φ> (axiom) Α =

ΒΞ±

^ (Leib + axiom: Β Ξ ± = - . β ; "C-part" is Α Ξ ρ; ρ fresh) Α

Ξ

Β

-ι

Π

2.4.4 Theorem. (Double Negation) h ->-^A = A Proof. (Equational) —A Φ> (axiom) -.A = ± •«· (Leib + axiom: ->A = Α Ξ ± ; "C-part" is ρ = J_) A = ±

=

J_

(Leib + axiom: Τ = 1 Ξ 1 ; "C-part" is A = p) Α <S=>

Ξ

Τ

(redundant true, i.e., h Α A

Ξ

Α

Ξ

T) •

(1) General Hint: Always plan to start from the more complex side of " Ξ " and use our database of results, and our rules, to get it simpler and simpler, until you reach the other side.

68

THEOREMS AND METATHEOREMS

(2) A general technique—in the context of s-chains—worth imitating is to use axioms (1) and (2) without notice, to bracket/unbracket, to move brackets around, and to rearrange the order of subformulae separated by one " Ξ " (that occurs at either end of the chain). The general annotation here, without details, would be "axioms (1,2) + Leib". (3) I have also made good on the earlier promise to be less pedantic and start omitting far-too-obvious ρ fresh conditions. 65

2.4.5 Theorem, h Τ Ξ - . ± Proof. (Equational)

Τ (axiom)

± = _L (axiom)

-.±

•

2.4.6 Corollary, h ± = -.T Proof. (Equational)

-.T (Leib + 2.4.5; "C-part" is - p ) -.-.1 (2.4.4)

±

•

2.4.7 Theorem, h A V Τ Proof. (Equational) AvT (Leib + axiom: Av(lsl)

Τ Ξ Ι Ξ Ι ;

"C-part" is A

V p ; note inserted brackets!)

(axiom)

/ΙνίΞΑνί

•

One normally does not draw attention to the obvious and leaves it unsaid in the proof: The last line is a theorem by 2.1.12. W e soon show, in 2.4.8, that neither the hedging "separated by one" nor "(that is at either end of the chain)" are necessary.

65

69

MORE PROOFS: ENRICHING OUR TOOLBOX

2.4.8 Remark. Axioms (5) and (6) are the unsung heroes in the case of V-chains just like (1) and (2) are in the case of Ξ-chains. To begin with, axiom (5)—just as it was the case with Ξ-chains and axiom (1)—allows the insertion or omission of brackets in a V-chain in any manner we please. Of course, the proof of this fact, exactly like the one in 2.1.10, hinges also on theorem (f) below, which is the mirror image of axiom (5): h Av(BvC) = (AvB) V C (f) One proves the above exactly analogously with 2.1.9. Moreover, axiom (6) along with the Leibniz rule and the associativity of V allows you to prove that in a chain of V-signs you can swap any two subformulae, i.e., h BV C V D = DV C V Β and, more generally, \- AV BV C V DV Ε = AV D V C V B V E. Indeed, BVCVD -i=» (axiom (6) via (5), the latter allowing us to put brackets where we want them) DVBVC

(*)

t> (Leib + axiom (6). "C-part" is D V p) DVCV

Β

From this we can easily prove the general case: AV BVCV

DV Ε

(Leib + special case just proved. "C-part" is A V ρ V Ε) AV DV C V BV Ε Entirely similar comments hold for Ξ-chains (due to axioms (1) and (2)). This can be seen by repeating the above two proofs, replacing V by Ξ throughout, and replacing references to axioms (5) and (6) by references to (1) and (2). For example, h (Β Ξ C = D) = (D = C = B) is proved by rephrasing (*) above: B = C= D ο (axiom (2) via (1), the latter allowing us to put brackets where we want them) D =B =C (Leib + axiom (2). "C-part" is D = p) D=C=B

•

The following occurs often. We might as well record it. The formulation is mindful of what we have just said in 2.4.8. 2.4.9 Proposition, h (A = B)V [C = D) = AV C = BV C = AV D = BV D Proof. (A = B)V{C = D)

70

THEOREMS AND METATHEOREMS

(axiom)

(A = B)VC = (A = B)VD (Leib + axiom; uses 2.4.8 implicitly!; "C-part" is ρ Ξ (A = Β) V D)

AvC=BvC={A

= B)vD

& (Leib + axiom; uses 2.4.8 implicitly!; "C-part" isAvC

AVC

Ξ

BvC

Ξ

= BvC = p)

AV D= By D

•

2.4.10 Theorem, h A V _L Ξ A Proof. (Equational) Here is a case where (after some thought) we find it convenient to deal with the entire formula.

Αν

1

Ξ

A

& (Leib + axiom: A = A V A; "C-part" is A V _L Ξ ρ)

Αν ±

Ξ

Αν A

(axiom) AV(1

= A)

& (Leib + axiom: 1 = A = -Ά; "C-part" is A V p) AV-iA

•

Strictly speaking, ± = Α Ξ -Λ is a trivial theorem that axiom schema (4) yields via 2.4.8. Let us skip to some provable properties of —•: 2.4.11 Theorem, h A-> B=^AV

Β

Proof. A - Β Ο- (axiom)

Αν B = Β (Leib + 2.4.10; "C-part" is A V Β = ρ)

Αν

β = _L V

Β

Φ> (axiom)

[A = ±)V Β A V ( β

C)

Ξ

(axiom) —•>! Μ Β =

-ι

AV C

(Leib + 2.4.11: "C-part" is ρ Ξ -,Λ V C) Λ ^ β Ξ - A v C

(Leib + 2.4.11: "C-part" is A - > β Ξ ρ) A^B

= A-+C

•

2.4.14 Remark. (1) It is good form to apply one Leibniz at a time, hence the last two steps. (2) [17] nickname 2.4.11 as "definition of —>"—even though they prove it. In the foundation of logic that we pursue in this volume 2.4.11 is, of course, no "definition" at all, but is a theorem that relates the connectives -ι, V, —». To be sure, there are alternativefoundations of logic that employ only two primitive propositional connectives: V and All the rest of the connectives, e.g., -+, are introduced by definitions such as A^B

= ^A\JB

(1)

Such a definition says that the expression A -+ Β is metatheoretical argot, an abbreviation of -ιA V B. This abbreviation introduces, as a side-effect, the metasymbol —*. But in our foundation the formal symbol —> is a primitive of V and does not get (re)introduced! • Here is a real definition in our context. We introduce a new informal symbol—i.e., an abbreviation—named "φ" as follows: 2.4.15Definition. ΑφΒ=-^{Α

= Β)

•

How are abbreviations-by-definition used? Answer: Expand and go! That is, if I am asked to prove ...Αφ

Β -

λ prove instead ...-,(A

= B)---

^The reader is reminded of the Boolean connectives' priorities; cf. 1.1.11.

72

THEOREMS AND METATHEOREMS

Here's a rather surprising result:

Φ

2.4.16 Theorem, h ((Α

Β)

φ c)

= (Α

φ (Β ψ θ)

Proof. Expanding, we see that we really want to prove the formula schema

Φ> (axiom) -.(A = B) = C = _L (Leib + axiom; "C-part" i s p s C s i ) A=B=L=C=L

& (by Remark 2.4.8) A = B = C = A. = L Φ> (Leib + axiom; "C-part" is Α Ξ ρ Ξ 1) A = -ι(Β = C) = L (axiom)

• Here are some results for Λ: 2.4.17 Theorem, (de Morgan 1) I- Α Λ β Ξ -.(-.Α V Proof. This is a lengthy, but totally straightforward calculation, nothing to write home about. Starting from the "complex" side, we have: -.(-•AV-.B) (axiom) -ι

Α ν -ιβ

Ξ

_L

ο · (Leib + 2.4.12; "C-part" is ρ Ξ _L) A V ->B

Ξ

^B = J_

(Leib + axiom; "C-part" is A V -•£? Ξ ρ—2.4.8 used) A V ->B Ξ Β e> (Leib + 2.4.12; "C-part" is ρ Ξ β ) AVΒ=Α=Β (axiom—with the help of 2.4.8 ) ΑΛβ

•

MORE PROOFS: ENRICHING OUR TOOLBOX

73

2.4.18 Corollary, (de Morgan 2) h A V Β = -ι(-\Α Λ -.β) Proof. This can be proved from scratch totally by imitating the above proof and swapping Λ and V. It is more instructive (and shorter) to see that it actually follows from 2.4.17. π(πΛΛπβ)

(Leib + 2.4.17; "C-part" is - p ) -.^(-.-.Λ V -.-,β)

«Φ· (2.4.4) -,-,Α V - . - . β

(Leib + 2.4.4; "C-part" is ρ V ->-ιβ) AV->->β

AvC=G Since ->A V C is a theorem under our assumptions, so is A V C = C and it can be used in the following proof of Β V C from our two assumptions: BVC (Leib + lemma; "C-part": Β V ρ) β V (A V C) (2.4.8) (AV β ) V C (Leib + assumption A V β + 2.1.23; "C-part": ρ V C) Τ

VC

•

80

THEOREMS AND METATHEOREMS

2.5.5 Corollary. AV B,->Av Bh Β Proof. By 2.5.4, we have Α ν Β , - Α ν β h By B. By 2.5.1(2), we have By Β h B. We are done by 2.1.4. • 2.5.6 Corollary. A V Β, ->A h Β Proof. By 2.5.1(3), we have ->A Υ- ->A V β. We are done by 2.5.5. 2.5.7 Corollary. Α,-Al·

•

±

Proof. By 2.5.5, where we take β to be the specific formula

using 2.4.10.

•

2.5.8 Exercise. The proofs of the three previous corollaries deviated from our usual pedantic Hilbert style. They look more like everyday proofs that a mathematician might write. Give Hilbert-style proofs for each. • 2.5.9 Corollary. (Transitivity of-») Α - . β , β - t C h A - . C Proof (Hilbert-style) (1) (2) (3) (4) (5) (6) (7) 2.5.10Theorem.

A -> β B->C A-» B = - Α ν β B^C = - β VC ->AV Β -.BvC -Ave

(assumption) (assumption) (2.4.11) (2.4.11) ((1,3) +Eqn) ((2, 4) +Eqn) ((5,6) + 2.5.4 (using 2.4.8))

•

A->C,B->£>hAvB->CV.D

Proof. As in 2.5.4, analysis of the two hypotheses yields the theorems (theorems from the hypotheses, that is!)

=c

Ayc

(l)

and

β

V

DΞ D

Informed by the above we calculate:

Ay Β -» CV D « (axiom + 2.4.8)

AVCV β

V

D Ξ CVD

(Leib + (1); "C-part":

pVflvDsCvD)

(2)

THE DEDUCTION THEOREM

81

CvBvflsCVfl (Leib + (2); "C-part": C V p s C v f l )

CwD=C\/D

•

2.5.11 Corollary. (Proof by Cases) A ^ C, Β C

h Αν Β ^ C

Proof. By 2.5.10, A^C,B^ChAvB^C\/C. axiom, we are done via an obvious application of (Leib).

Since C V C = C is an •

2.5.12 Remark. (1) The name of 2.5.11 derives from what it says: To establish that a formula C is implied by a disjunction A V Β it is sufficient to establish separately both cases: A —> C and Β —> C. (2) Actually there is more to it: By 2.5.2, the result in 2.5.11 is equivalent to

(A-*C)/\(B

-^C)h AVB-+C

(*)

However (*) is a direct result of 2.4.24 via one application of equanimity. The same process also proves "the other direction":

A V Β -> C h (A -> C) Λ ( β -> C) (3) The following special case follows trivially, since ^A V A is an axiom, and therefore I — Ά V A = Τ by 2.1.21. It follows as easily from 2.5.4. We leave the details to the reader. • 2.5.13 Corollary. A -> C, - A -> C h C 2.6

T H E DEDUCTION T H E O R E M

The main result in this section is, strictly speaking, a Meiatheorem. But the above title is its established nickname. It states: 2.6.1 Metatheorem. (Deduction Theorem) If TO {A} h Β, then alsoΓ h A -> B. Note. Due to the notational convention given on p. 53, the deduction theorem can be also stated as "If Γ + A \- B, then also Γ \- A —> B". Much of the proof makes use of the following result. So let us prove it separately, to avoid obscuring the proof of the deduction theorem. 2.6.2 Lemma. A

(B = C) h A -» (D[p := B] = D[p := C})

Proof. This is a theorem schema, of course, and we have handled several such already. However, here we employ a new technique: We prove it not directly, but instead by induction on the complexity of D, in essence /ne/aproving it, first for the least complex D, and then pushing the proof forward from less to more complex Z>. 71

71

1 will be interested to know if you can come up with a direct proof.

82

THEOREMS AND METATHEOREMS

That this constitutes a metaproof is clear: Our logic does not "know" induction! Basis. D has complexity 0: So it is one of: (1) p: Then we must show A -> (Β Ξ C) h A —> (B = C) and we are done by 1.4.11. (2) q (other than p): Then we must show A -> (B = C) h A -> (q = q). Well, start with h q = q by 2.1.12. By (3) in 2.5.1, and 2.1.4, h A -» (q Ξ q). We are done by 2.1.1. (3) Τ or ± :

Same argument as in (2) above.

We now take the complex case, where D has complexity η + 1, on the I.H. that the claim is true for all D (or whatever else you want to call them) with complexity η or less. Throughout the rest of the argument we will not forget that A —> (B = C) is an assumption. We have several cases of how the formula, D, of complexity η + 1, was built: (i) D is ->E. We calculate as follows (cf. 1.3.15): A

( - £ [ p := B) = - £ [ p := C])

(Leibniz, twice along with 2.4.1) A -» — (E[p := Β] ~ E[p := C\) (Leibniz + 2.4.4; "C-part": A -» q) A -> (£[p := β] = E[p := C]) The last formula is an A —> (Β Ξ C)-theorem by the I.H., so this is true for the top formula, too. (ii) D is Ε V G. (A

In view of 2.4.11, we have the (absolute) theorem

(D[p := β ]

Ξ

D[p := C]))

V

Ξ

(D[p := B] = D[p := C]))

thus we will p r o v e - A V ( D [ p := β] Ξ D[p := C]) via the "V over = ' distributivity axiom, i.e., we will prove instead -A

V

D[p := β]

Ξ

-ιA V

D[p := C]

To this end, we calculate as follows (cf. 1.3.15): -A •v=>

V

E[p := β]

V

G[p := B]

(Leibniz + I.H.; "C-part": q -A

V

G[p := β]

V

V

G[p := B\\2.4.8 used as well)

E[p := C]

(Leibniz + I.H.; "C-part": q V E[p := C\\2.4.8 used as well) -A

V

E[p := C]

V

G[p := C]

THE DEDUCTION THEOREM

(iii) D is Ε AG.

83

We calculate as follows (cf. 1.3.15): A - . E[p := B] A G[p := B] (2.4.25) (A - E[p := B]) A (A - G[p := B]) G[p := C])

(2.4.25) A -» £ [ p := C] (iv) D is Ε -> G. -Λ

V

Λ

G[p := C]

We calculate similarly to the "Z? is £ V G" case (cf. also 1.3.15):

--£[p := Β]

V

G(p := B)

A

V

G[p := Β]

V

-.£[p := C]

(Leib + I.H. on G; "C-paft": q V -.JE7[p := C]; 2.4.8 applied implicitly) -ιΑ

V

-.£[p := C]

V

G[p := C]

Finally, (v) Dis Ε = G.

We calculate as follows, mindful of 2.4.13 (cf. also 1.3.15): A -> (E[p := B) = G[p := B]) & (2.4.13) Α

£ [ p := Β] = A -> G[p := B]

*Φ· (obvious Leib + I.H. twice) A —• £ [ p := C] = A —> G[p := C] (2.4.13) A -> ( £ [ p := C] = G[p := C])

•

Proof. (Of the Deduction Theorem) This is a metatheorem about proofs (equivalently, about theorems). It says, essentially, that a proof of Β from Γ and A must be somehow transformable into a proof of A —» Β /rem Γ a/one. So how does one (meta)prove a (meta)theorem like this, that a proo/ from Γ + Α is so transformable? By constructing the transformation by induction on the length of proof where Β occurs (1.4.5), of course! 72

'Even a casual observer will see that this is a proof outside Boolean logic, using such extraneous tools as induction.

84

THEOREMS AND METATHEOREMS

Important! A (metajproof by induction on the length of formal proofs of our given logic is to use the formal definition of proof as in 1.4.5! Specifically, such a metaproof will deal, in the induction step, only with the two primary rules of inference (1.4.2) since each use of a derived rule in a formal proof can be eliminated by "unwinding" (replacing the invocation of) the rule itself into a formal proof, rigorously and completely written according to 1.4.5. Basis. For Γ + A-proofs of length η = 1: Such a proof consists only of B, right? But then, Β must be one of the following (see 1.4.5!): (i) A. Since h A —> A (this is the same as stating h - Β in this case by 2.1.1, remembering that A is B. (ii) In Γ U Λ. Then (1.4.7), Γ h B. Since Β \ A V Β by 2.5.1(3), we are done—i.e., once more Γ \- A —» Β—by 2.1.4. We take for I.H. that the claim of the metatheorem is true for all Γ + A-proofs of lengths η or less. We now look at the induction step, the case where we have a Γ + Α-proof of B, one that has length η + 1. Our aim is to prove that under the I.H. Γ f- A —• B. So in the very last step of this proof, we either wrote down B, or we did not: Case where we did not: Then Β—which we assumed at the outset that this proof proves—must have appeared earlier. Since we can truncate a proof by dropping any length of tail (cf. 1.4.8) and still have a proof, it follows that (dropping, say, the last formula of the proof) we have a proof of Β of length η or less. By the I.H. we conclude Γ h A —• Β in this case. Case where we wrote Β at the very last step: Now, there are two reasons why we may have legitimately written Β (1.4.5): Subcase: Β is one of: A, or is in Γ U A. If so, then we have already argued in the Basis that we will then have Γ h A —• B. Subcase: Β was written down because we applied Eqn in the last step, so C = Β and C have appeared in the proof earlier. By I.H. we have TY-A-+C

(1)

and T h A^{C = B) By 2.4.13 and Eqn, the latter yields Γ h A^C=A-^B

(2)

(1) and (2) yield Γ h A -> Β by Eqn. Subcase: Β was written down because we applied Leibniz in the last step, so Β is D[p := C] = D\p := E] and C = Ε has appeared in the proof earlier. By I.H.

THE DEDUCTION THEOREM

85

Γ Y- A -> (C = E). Now Lemma 2.6.2, via 2.1.4, yields Γ I- A -> (D[p := C] = D[p : = £ ] ) , i.e., Γ h Λ ^ Β . • 2.63Corollary. Γ + Λ Κ Β / 0 Τ Ι - Λ - > β PTOO/

The left-to-right direction ("only i f ) is 2.6.1. The " i f is by MP (2.5.3).

•

2.6.4 Remark. What is the deduction theorem good for? (1) The metatheoretician, who studies rather than uses logic, will proclaim: It shows that all the theorems that we ever need to study are absolute, for whenever we need to show A I- Β we can simply show I- A —• B, since the two are equivalent (metatheoretical) statements by the above corollary. As users, of logic we dismiss this clinical point of view. Indeed, even in metatheoretical work the deduction theorem comes in handy—e.g., see the proof of Post's theorem (3.2.1) in the next chapter. (2) For the user, it is exactly the opposite point of view that is important: To prove "h A —> B" is in general harder to do than to prove "A h B" because the latter asks us to prove a less complex formula than A —> Β—just Β—and it throws in as a bonus an extra assumption—A—that is not available if we are proving A —> B. An extra assumption almost always makes life easier; for it allows us to know more before we start the proof. The user will (almost) always prefer to tackle AY- B, over Υ- A —* B. Indeed, the deduction theorem is used extremely frequently by the practicing mathematician, computer scientist, logician, and any other person who reasons logically. • 2.6.5 Exercise. Assume the deduction theorem, and prove Lemma 2.6.2 from it.

•

2.6.6 Metatheorem. The following are equivalent: (2) For all A, we have Γ h A. (3) For some B, we have Γ Υ- Β Α -ιΒ. Α Γ such as the one in the metatheorem is called inconsistent or contradictory. Α Γ that does not have the property—e.g., it fails to prove at least one formula, which is the negation of (2)—is called consistent. A formula of the form Β A -[p := Α]) Ξ -,(D[p = B]) (cf. 1.3.15), and therefore, by I.H., :

s(^D[p := A]) = e(-Z)[p := B]) iff s(D[p := A]) = s(D[p := B]) Case2: Let next C be D V E. The I.H. applies on D and £ (i.p. of C). Now, C[p := Α] Ξ C[p := B] is (cf. 1.3.15) £>[p := A] V E[p := A] = D[p := Β] V £ [ p := B); hence we get (1) as follows: s(D[p := Λ] V E[p :=A]) = F (a{D\p := A}), s(E[p := A})) v

= F ( e ( D [ p := B]),a(E\p v

•= B])) (by I.H.)

= (Z3[p:= B ] V E [ := B]) S

P

The cases where C is any of D = E, D Λ Ε or D —* Ε are entirely similar to the above and are omitted. 3.1.2 Exercise. Using truth tables, verify that all the logical axioms (1.4.4) are tautologies. • 3.1.3 Metatheorem. (Soundness of Propositional Calculus) Γ h A implies that Γ \=taul A.

The reader will observe that the proof below—the very first sentence in the Basis case—is oblivious to exactly what Γ we have in mind. Thus it is valid for any Γ, from empty to infinite. Proof. We do induction on the length of Γ-proofs where A occurs. Basis. Length η = 1. If A is in Γ, then certainly Γ |= , A (cf. 1.3.11; any state that satisfies Γ will do so for A in particular). If A is in Λ, then | = A as you have verified in the exercise above. But then Γ |=taut A , since again any state s that satisfies Γ will still make s(A) = t {any state whatsoever will make s(A) = t). teu

uut

We now assume the claim for lengths η or less (I.H.) Consider now the case where A occurs in a proof of length η + 1. There are subcases:

92

THE INTERPLAY BETWEEN SYNTAX AND SEMANTICS

(1) A is not the last formula in the proof. So the proof ending with A—obtained by deleting the formulae following A (cf. 1.4.8)—has length η or less. By I.H. Γ hum A in this case. (2) A is the last formula. (2.1) Subcase where A e Γ U Λ is handled exactly as in the Basis. (2.2) Subcase where A was written as a result of an application of Eqn. That is, the proof contains some Β and also Β = A, to the left of A. By I.H., Γ \= Β and Γ |=taut Β = A. Let now s be any state such that s(X) = t for all X in Γ. Thus, s(B) = t and s(B) = s(A). Hence, s{A) = t. aat

(2.3) Subcase where A was written as a result of an application of Leib. So Β = C occurs to the left of A, and A is D[p := B] = D\p := C]. By I.H., Γ (=„,„, Β = C. Let now s be any state such that s(X) = t for all X in Γ. Thus, s(B) = s(C). Hence, s(D[p := Β] Ξ £>[p := C]) = t by Lemma 3.1.1. • 3.1.4 Corollary. If\~ A, then \=

A.

lml

Proof. Take Γ = 0 in the above.

•

3.1.5 Remark. (Counterexample Constructions in Boolean Logic) In what ways is soundness useful? (1) It tells us that we are on track with our "program" to have syntactic tools to verify tautologies: Whatever these tools obtain (as absolute theorems) are tautologies. (2) It allows us to disprove fallacious "results" of the form "such-and-such formula is formally provable—in Boolean logic—from such-and-such assumptions". For example, "ρ V q \- p" is a false statement in the metatheory. It says that from the assumption ρ V ρ we can write a proof that contains (or ends with) p: Impossible! Why? Well, if the claim were true, then we would also have p V q (= p. This is readily seen to be a false claim: Take any state s where s(p) = f and s(q) = t. Similarly, h 1 is false (because (= _L is). By the way, we indicate that "Γ h A is false" (false metatheoretical statement) by writing Γ )hA. • taut

Uut

3.1.6 Example. We already stated on p. 64 that Ξ is not conjunctional—which is why we invented its conjunctional cousin Here is why: The statement means that (1) below is not a theorem schema; i.e., for some specific choices of A, B, C we end up with a nontheorem. A = Β = C = (A = Β)

A

[B = C)

(1)

Our job is to find specific formulae A, B, C that verify (2) below: \f A = Β = C = (A = Β) Λ (B = C)

(2)

Let us try T, ± , and ± respectively and verify (2) by showing

μ „, Τ ω

Ξ

±

Ξ

±

=(Τ = ±) Λ

(±

Ξ

_L)

(3)

POST'S THEOREM

93

The subformula Τ Ξ ± Ξ ± to the left of the " = " connective marked with "f" evaluates as t in any state. Yet, the subformula (T = 1) Λ (± = 1) to the right evaluates as f. This verifies (3). • 3.2

POST'S THEOREM

3.2.1 Metatheorem. (Post's Tautology Theorem) If Τ \= , A, then Γ h A. lau

Proof. The proof of the metatheorem is, of course, informal and uses any tools we may be pleased to employ from the metatheory. It is most convenient to prove the contrapositive, namely, If Γ )M,then Γ )f= A am

(1)

Digression. The term contrapositive refers to an implication. The contrapositive of the formal implication "X —* Y" is "->Y —> -<X". It is trivial to show (exercise!) both h X — Υ Ξ -,y — -,χ and Htaut X

~~* Υ

=

~Ύ

~*

Thus, informal logic, guided by 1.4.2, 1.4.4, 1.4.5 and 1.4.7, proving h X —* Y is as good as proving I— ^X (by Eqn). The term contrapositive also applies to all sorts of implications (including I- and t=taut) in informal mathematics (metatheory). Thus, the contrapositive of "if [·••], then (...)" is "if not (...), then not [· · · ]". (Meta)proving one is as good as proving the other. Thinking commonsensically: Suppose I can prove the last of these two metastatements. Suppose I assume now that "[• · · ]" is true (*) Then it also must be that " ( . . . ) " is true, for if not, then I must have the opposite: "not (...)" is true. As this implies not [· · · ] it cannot be, for it contradicts my assumption (*). Returning from our digression, which introduced a commonly used term of logic, we embark on our proof. This will consist of a few constructions along with a few claims—and their (meta)proofs—about the properties of the objects we construct. First, let us argue that Claim One. There is an enumeration Go,G\,

Gi,...

(2)

of a all formulae of Boolean logic. That is, every formula appears in the infinite array (2), and no string that is not a formula appears there. Proof, [of Claim One] We may make a retroactive adjustment to the alphabet V that makes it finite. This will change nothing that was said so far in this volume,

94

THE INTERPLAY BETWEEN SYNTAX AND SEMANTICS

except a minute remark on p. 9: "Most variable symbols are formed through the use of 'subsymbols'—such as 0,1,2, '— that are not members of the alphabet V themselves", I said there. Well, let me backtrack over this comment, now including 0,1,2,3,4,5,6,7,8,9, ' in an amended V. But I am going to remove all the Boolean variables, except the three p, q, and r, because I am going to build all the rest! This idea is hardly revolutionary, and is entirely analogous to that of building the infinite set of natural numbers by using just two symbols, 0 and 1 (binary notation), or the infinitely many variables of a programming language such as Algol from a finite set of symbols. In the latter case we start with the letters a,b,... ,ζ,Α,Β,... ,Z and the digits 0 , 1 , . . . , 9 and use the algorithm in quotes to build any variable: "A variable is a string that starts with a letter and continues (to the right) as far as we wish, using any letter or digit." So, for the purposes of this section, we take V to be (commas not included) p,

Mathematical Logic

This page intentionally left blank

Mathematical Logic

George Tourlakis York University Department of Computer Science and Engineering Toronto, Ontario, Canada

WILEY A JOHN WILEY & SONS, INC., PUBLICATION

Copyright © 2008 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic format. For information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data: Tourlakis, George J. Mathematical logic / George Tourlakis. p. cm. Includes bibliographical references and index. ISBN 978-0-470-28074-4 (cloth) 1. Logic, Symbolic and mathematical—Textbooks. I. Title. QA9.T68 2008 511.3—dc22 Printed in the United States of America. 10

9 8 7 6 5 4 3 2 1

2008009433

To those who taught me

This page intentionally left blank

CONTENTS

Preface

xi

Acknowledgments

xvii PART I

1

2

BOOLEAN LOGIC

The Beginning

3

1.1

Boolean Formulae

8

1.2

Induction on the Complexity of WFF: Some Easy Properties of WFF

17

1.3 1.4 1.5

Inductive Definitions on Formulae Proofs and Theorems Additional Exercises

22 37 48

Theorems and Metatheorems

51

2.1 2.2

More Hilbert-Style Proofs Equational-Style Proofs

51 60

2.3 2.4

Equational Proof Layout More Proofs: Enriching Our Toolbox

63 66 vli

viii

3

CONTENTS

2.5

Using Special Axioms in Equational Proofs

76

2.6

The Deduction Theorem

81

2.7

Additional Exercises

86

T h e Interplay between Syntax and Semantics

89

3.1 3.2

Soundness Post's Theorem

90 93

3.3 3.4

Full Circle Single-Formula Leibniz

99 100

3.5 3.6

Appendix: Resolution in Boolean Logic Additional Exercises

104 107

PART II 4

PREDICATE LOGIC

Extending Boolean Logic

113

4.1

The First-Order Language of Predicate Logic

115

4.2 4.3

Axioms and Rules of First-Order Logic Additional Exercises

138 148

5

Two Equivalent L o g i c s

151

6

Generalization and Additional Leibniz Rules

155

6.1

Inserting and Removing "(Vx)"

155

6.2 6.3

Leibniz Rules that Affect Quantifier Scopes The Leibniz Rules "8.12"

165 168

6.4

Additional Useful Tools

170

6.5 6.6

Inserting and Removing "(3x)" Additional Exercises

178 187

7

Properties of Equality

191

8

First-Order Semantics—Very Naively

195

8.1 8.2 8.3

196 201 208

Interpretations Soundness in Predicate Logic Additional Exercises

Appendix A: Godel's Theorems and Computability A.l Revisiting Tarski Semantics

211 212

CONTENTS

A.2 A.3

A.4

Completeness A Brief Theory of Computability A.3.1 A Programming Framework for Computable Functions A.3.2 Primitive Recursive Functions A.3.3 URM Computations A.3.4 Semi-computable Relations; Unsolvability Godel's First Incompleteness Theorem A.4.1 Supplement: (x) Τ Is First-Order Definable in 01 x

IX

223 232 233 243 254 259 263 275

References

281

Index

285

This page intentionally left blank

Preface

This volume is about the foundation of mathematics, the way it was conceptualized by Russell and Whitehead [56], Hilbert (and Bernays) [22], and Bourbaki [2]: Mathematical Logic. This is the discipline that, much later, Gries and Schneider [17] called the "glue" that holds mathematics together. Mathematical logic, on one hand, builds the tools for mathematical reasoning with a view of providing a formal methodology—i.e., one that relies on the form or syntax of mathematical statements rather than on their meaning—that is meant to be applied for constructing mathematical arguments that are correct, well documented, and therefore understandable. On the other hand, it studies the interplay between the written structure (syntax) of mathematical statements and their meaning: Are the theorems that we prove by pure syntactic manipulation true under some reasonable definition of true? Are there any true mathematical statements that our tools cannot prove? The former question will be answered in the affirmative later in this book, while the latter question, interestingly, has both "no" (Godel's completeness theorem [15]) and "yes" (Godel's 1

'"Nicolas Bourbaki" is the pen-name of a team of top mathematicians who are responsible for the monumental work, "Elemens de Mathematique", which starts with logic as the foundation, or "connecting glue" in the words of [ 17], and then proceeds to extensively cover fields such as set theory, algebra, topology, analysis, measure, and integration.

xl

Xii

PREFACE

(first)mcompleteness theorem [16]) answers! Both of these answers are carefully reconstructed in the Appendix to Part II. Much has been written on logic, which is nowadays a mature mathematical body of knowledge and research. The majority of books written with upper-level undergraduate audiences (and beyond) in mind deal mostly with the metamathematics or metatheory of mathematical logic; that is, they view logic as a mathematical object and study its abilities and limitations (such as incompleteness), and the theory of models, giving short shrift to the issue of using logic as a tool. There are currently only two books that the author is aware of that chronologically precede this volume and address almost exclusively the interests and needs of the user of logic. Both present the subject as a set of tools with which one can do mathematics (or computer science, or philosophy, or anything else that requires reasoning) rigorously, correctly, formally, and with adequate documentation: [2] and [17]. The former tersely introduces logic in its first chapter with a view of applying it as a rigorous tool for theorem generation in the numerous (and very advanced) chapter-volumes that follow (from set theory and algebra to topology, and measure and integration). The latter, a much more recent entry in the literature, is an elementary text (aimed at undergraduate university curricula in computer science) in the same spirit as Bourbaki's, which proposes to use logic, once again, as a tool to prove theorems of interest to computer scientists. Indeed, the second part of [17] is on discrete mathematics in the sense that this term, more or less, is understood by most computer science departments today. Similarly, the volume in your hands aims to thoroughly teach the use of logic as a tool for reasoning appropriate for upper-level undergraduate university students in fields of study such as computer science, mathematics, and philosophy. For the first group, this is an introduction to formal methods—a subject that is often included in computer science curricula—providing the student with the tools, the methodology, and a solid grounding on technique. As the student advances along the computer science curriculum, this volume's toolbox on formal methods will find serious applications in courses such as design and analysis of algorithms, theory of computation, computational complexity, software specification and design, artificial intelligence, and program verification. The second group's curriculum, at the targeted level, in addition to a solid course on the use of logic, will normally also require a more ambitious inquiry into the 2

It is nol that Godel was of two minds on the issue. Rather, the question can be made precise in two different ways, and, correspondingly, one gets two different answers. One way is to think of "universal" truth, such as the truth of " i = x". Universal truth is completely certifiable by the syntactic tools. The other is to think of truth in the "standard models" of some "rich" theories—rich in what one can formulate and prove in them, that is. Formal (Peano) arithmetic—that is, the axiomatic system that attempts to explain the set of natural numbers and the arithmetic operations and relations on it, the standard model— is such a rich theory. Godel showed the existence of true arithmetical statements in the model that cannot be syntactically proved in the axiom system of Peano arithmetic. One such true statement says, "I am not a theorem." 2

PREFACE

Xiii

capabilities and limitations of logic viewed as a mathematical tool. This further trip into the metatheory of logic will traditionally want to delve into two foundational gems beyond those of soundness and propositional completeness. Both are due to Godel, namely, his completeness and incompleteness theorems. The Appendix to Part II settles the former in full detail, and also offers a proof of the latter (actually, only of the first incompleteness theorem ), basing it on an inherent limitation of "general" models of computation, in the process illuminating the connection between the phenomena of uncomputability and unprovability. As a side-effect of constructing a self-contained proof of the first incompleteness theorem, we had to develop a fair amount of computability theory that will be of direct interest to all the readers, in particular, those in computer science. The third group of readers, philosophy majors, traditionally require less coverage in a course in logic than what I have presented here; however, philosophy curricula often include a course in symbolic logic at an advanced undergraduate level, and this volume will be an apt companion for such studies. The book's aim to teach the practice of logic dictates that it must look and feel much like a serious text on programming. In fact, I argue at the very beginning of the first chapter, that learning and practicing logic is a process like that of learning and practicing programming. As a result, the emphasis is on presenting a multitude of tools, and on using these tools in many fully written and annotated proofs, an approach that is intended to enhance the reader's effectiveness as a "prover", giving him many examples for emulation. There are some important differences—despite the superficial similarities that the common end-aims impose—between the approach and content in this volume and that in its similarly aimed predecessors [2] and [17]. Bourbaki provides tools for use by the "practicing mathematician" and does not bother with any semantic issues, presumably on the assumption that the mathematician knows full well how the syntactic and semantic notions interact and relate, and has an already well developed experience and ability to use semantic methods toward finding counterexamples when needed. He merely introduces and uses the so-called Hubert style of proofs (cf. 1.4.12) that is most commonly used by mathematicians. The text of [ 17] is equally silent about the interplay between syntax and semantics, and about any aspect of the metatheory, and refers to Hilbert-style proofs only tangentially. The authors prefer to exclusively propound the equational (or calculational) proof style (cf. Section 2.2), originally proposed in [11]. Moreover, unlike [2], they take liberties with their formalism. For example, even though they argue in their introduction in favor of using formal methods in practical reasoning, they distance themselves from a true syntactic approach, especially in their Chapter 8, where facts 3

4

5

The second incompleteness theorem, that the freedom of contradiction of "rich" axiomatic systems such as Peano arithmetic cannot be proved "from within", is beyond the scope of this volume. Indeed, the only complete proofs in print for this result are found in [22], Vol. II, and in [53]. His. him, he and related terms that grammatically indicate gender are, by definition, gender neutral in this volume. A formalism in the context of mathematical logic is any particular way logicians structure their formal methods. 3

4

5

XiV

PREFACE

outside logic taken from algebra and number and set theory are presented as axioms of predicate logic. While the approach in this volume is truly formal, just like Bourbaki's, it is not as terse; we are guilty of the opposite tendency! We also believe that, unlike the seasoned practitioner, the undergraduate mathematics, computer science, and philosophy students need some reassurance that the form-manipulation proof-writing tools presented here indeed prove (mathematical) "truths", "all truths", and "nothing but truths". This means that we cannot run away from the most basic and fundamental metatheoretical results. After all, every practitioner needs to know a few things about the properties of his tools; this will make him more effective in their use. Thus 1 include proofs of the soundness (meta)theorems for both prepositional and predicate logics (this addresses the "truths", and "nothing but truths" part) and also the two "completeness" results, of prepositional and predicate logics (this is the "all truths" part). However, to maintain both the emphasis on the use of logic and an elementary but rigorous flow of exposition I have delegated the much-harder-to-prove completeness metatheorem of predicate logic ([15]) to a sizable appendix at the end of the book. Why are soundness and completeness relevant to the needs of the user? Completeness of prepositional logic, along with its soundness, give us the much-needed—in the interest of user-friendliness—license to mix semantic and syntactic tools in formal proofs without sacrificing mathematical rigor. Indeed, this license (to use prepositional semantic tools) is extended even in predicate logic, and is made possible by the trick of adding and removing quantifiers ("for all" and "for some"). On the other hand, soundness of the two logics allows the user to disprove statements by constructing so-called countermodels. There are also quite a few simpler metatheoretical results, beyond soundness and completeness, that we routinely introduce and prove as needed about formulae (e.g., about their syntax) and about proofs (e.g., the validity of principles of proof such as hypothesis strengthening, deduction theorem, and generalization), using the basic tool of induction (essentially on formula and proof lengths). The Hubert style of proving theorems is prevalent in the mathematical literature and is prominently displayed and practiced in this volume. On the other hand, the equational-style of displaying proofs has been gaining in popularity especially in computer science curricula. It is a style of proof that seems well adapted to areas in computer science such as software engineering (in particular, in the field of software engineering requirements) and program verification. For the above reason, equational-style proofs receive a thorough exposition in this volume. It is my intention to endow the reader with enough machinery that will make him proficient in both styles of proof, but more importantly, will enable him to choose the style that is best suited to writing a proof for any particular theorem. In terms of prior knowledge (tools) needed to cope with this volume the reader should at least have high school mathematics (but I expect that this includes mathematical induction and some basic algebra). A degree of mathematical maturity, but no specific additional knowledge, of the kind an upper-level undergraduate will normally have will also be handy.

PREFACE

XV

A word on pedagogical approach. I repeatedly taught the material included here to undergraduate computer science students at York University in Toronto, Canada. I think of this book as the record of my lectures. I have endeavored to make these lectures user-friendly, and therefore accessible to readers who do not have the benefit of an instructor's guidance. Devices to that end include anticipation of questions, promptings for the reader to rethink an issue that might be misunderstood if glossed over ("pauses"), numerous remarks and examples that reflect on a preceding definition or theorem. & Using the symbols JL , and Χ X , I am marking those passages that are very important, and those that can be skipped at first reading, respectively. My fondness for footnotes is surely evident (a taste acquired long ago, when I was studying Wilder's excellent Introduction to the Foundations of Mathematics ([57]). I give (mostly) very detailed proofs, as I know from experience that omitting details normally annoys students. Moreover, I have expectations that students will achieve a certain style, and effectiveness, in proofs. The best way to teach them to do so is by repeatedly giving examples how. In turn, students will have the opportunity to test and further their understanding by doing several exercises, some of which are embedded in the text while others appear at chapters' end (a total of more than 190 exercises). Book structure. The book is in two approximately equal-length parts, one on Boolean (or propositional) logic and one on predicate logic. A thorough exposition of Boolean logic pedagogically prepares the reader for the much more difficult predicate logic, at the same time endowing him with several tools that are transferable such as the ubiquitous Post's theorem (propositional completeness) and deduction theorem. Part I is in three chapters. Chapter 1 starts with the basic formation rules of propositional (Boolean) formulae—the syntax—and introduces "induction on formulae" as a tool via which we can prove facts about syntax. It proceeds with Boolean semantics (truth tables) and then continues with the concept of formal proofs—those effected via purely syntactic manipulation—from axioms and rules of inference. Chapter 2 is a veritable database of proofs and theorems, presenting several proofs and proof techniques, including the deduction theorem. Both the equational and Hilbert style of proof layouts are used extensively. Chapter 3 revisits semantics, and proves both the soundness and completeness (Post) theorems, thus demonstrating the full equivalence and interchangeability of the semantic and syntactic proof techniques in Boolean logic. It concludes with an exposition of the technique of resolution in Boolean logic. Part II on predicate logic (or calculus) contains five chapters and a lengthy Appendix. Predicate calculus is introduced as an extension of the logic of Part I, so that every tool that we obtained in Part I is still usable in Part II. This part's first chapter, Chapter 4, is about the syntax of formulae, and introduces the axioms, the rules of inference, and the concept of proof, extending without discarding anything of the corresponding concepts of Part I, Chapter 5 simplifies the metatheoretical arguments by introducing a simpler-to-talk-about logic, equivalent to ours; that is, a logic with a simpler metatheory. Chapter 6 proves and extensively uses powerful rules of inference that were not postulated up front: techniques for adding and removing the

XVl

PREFACE

universal quantifier, powerful Leibniz rules, and techniques for adding and removing the existential quantifier. Our version of predicate calculus, as is common in the literature nowadays, includes equality (=). Chapter 7 advances some basic properties of equality as these flow from the axioms and the rules of inference. Chapter 8 is a "working" first approximation to Tarski-like semantics and proves (in detailed outline) the soundness theorem for predicate calculus. This is an important tool toward constructing counterexamples, or countermodels as we prefer to call them, aiming to show that certain predicate logic formulae are not provable. The Appendix at the very end does several things: It revisits Tarski semantics that were naively presented in Chapter 8, proves soundness again, this time totally rigorously, and also proves Godel's completeness theorem. It then introduces computability, that is, the part of logic that makes the concepts of algorithm, computation, and computable function mathematically precise. In this particular approach to computability, I am using the programming language known in the literature as the Shepherdson-Sturgis ([44]) unbounded register machines (URMs). The topics included constitute the very foundation of the theory of computation and they will be of interest not only to mathematics readers but also to those in philosophy and, especially, in computer science, who will find ample supplemental material for their theory of computation courses. These include partial computable functions, primitive recursive functions, a complete characterization in number-theoretic terms of the partial functions computable by URMs, the normal form theorems, the "Kleene predicate" and a "universal" URM, computable and semi-computable relations and their behavior in connection with Boolean operations and quantification, computably enumerable relations, unsolvability, verifiers and deciders, first-order definability, and the arithmetical relations. This machinery will next allow us to tackle Godel's first incompleteness theorem. This we prove by basing the proof on the nonexistence of a URM program that solves the following problem (halting problem) for any choice of χ and y: "Will program χ ever terminate if its input is y?" Suggested coverage. A computer science curriculum in formal logic will probably cover everything but the Appendix. The course MATH 1090 at York University, especially designed for computer science majors, does exactly that. However, a hybrid course in logic and computability, often included in computer science curricula, will adjust its pace (e.g., going faster through Part I) to include the computability and Godel incompleteness topics of the Appendix. A mathematics major will typically see his first course in logic in an upper-undergraduate year. His syllabus will likely require that the book be studied from cover to cover (again, going fast through Part I). A philosophy major's needs in a course in logic are harder tofitto a prescribed template. Advanced students will likely find all of Part I relevant along with chapters 4-6 of Part II. They will also find a high degree of relevance in the computability and Godel incompleteness topics of the Appendix. GEORGE TOURLAKIS Toronto June 2008

Acknowledgments

The writing of this book would have not been successful without the support and warmth of an understanding family. Thank you. I also wish to thank my York colleagues, Rick Ganong, Ilijas Farah, Don Pelletier and Stefan Mykytiuk, who have used drafts of this book in their MATH 1090 sections and offered me helpful suggestions for improvements. I want to credit all my students in logic courses that I taught over the years, as they have provided me not only with the pleasure of teaching them, but also with the motivation to create a friendly yet mathematically rigorous, thorough, up-to-date, and correct text for their use. I acknowledge the ever supporting environments at York University and at the University of Crete—where I spent many long-term visits, most recently in the spring term of 2006-07 while on Sabbatical leave from York—which are eminently conducive to projects like this one. Steve Quigley and Melissa Yanuzzi have been supportive and knowledgeable editors who made all the steps of the project smooth and effective. It has been a pleasure to work with both of them. I finally wish to record my appreciation of Donald Knuth, Leslie Lamport, and the TUG community (http://www.tug.org) for the typesetting tools TpX and ÉίΓβΧ and the UNIX-based distribution of comprehensive typesetting packages that they have made available to the technical writing community, making the writing of books such as this one fun. xvli

This page intentionally left blank

PARTI

BOOLEAN LOGIC

This page intentionally left blank

CHAPTER 1

THE BEGINNING

Mathematical logic, or as we will simply say, "logic", is the science of mathematical reasoning. Its core consists of the study of the form, meaning, use, and limitations of logical deductions, the so-called proofs. This volume, which is aimed at upper-level undergraduate university students who follow a course of study in computer science, mathematics, or philosophy, will emphasize mainly the use of proofs—it is written with the interests of the user in mind. 1.0.1 Remark. (Before we Begin) The symbol goes at least as far back as the writings of Bourbaki. It has been made widely accessible to authors—who like to typeset their writings themselves—through the typesetting system of Donald Knuth (known as "Tj3i"). I use these "road signs" as follows: A passage enclosed between two single " symbols is purported to be very noteworthy, so please heed! * On the other hand, a passage enclosed between two double signs (" means two things. 6

')

This symbol is a stylized typographical version of the "(dangerous) winding-road" road sign.

Mathematical Logic. By George Tourlakis Copyright © 2008 John Wiley & Sons, Inc.

3

4

THE BEGINNING

The bad news is that it is rather difficult, or esoteric, or both. The good news is that you do not need to understand (or even read) its contents in order to understand all that follows. It is only there in the interest of the "demanding" reader. Such "doubly dangerous" passages allow me to digress without injuring continuity—you can ignore these digressions! • Learning to use logic, which is what this book is about, is like learning to use a programming language. In the latter case, probably familiar to you from introductory programming courses, one learns the correct syntax of programs, and also learns what the various syntactic constructs do—that is, their semantics. After that, one embarks—for the balance of the programming course—on a set of increasingly challenging programming exercises, so that the student becomes proficient in programming in said language. We will do an exactly analogous thing in this volume: We will learn to write proofs, which are nothing else but annotated sequences of formulae and are similar to computer programs in terms of syntactic structure—the annotations playing a role closely similar to that of comments in computer programs. But to do that, we need to know, to begin with, what are the rules of correctly writing down a formula and a proof! We have to start with the syntax of these objects—formulae and proofs—precisely as it is done in the case of programming and its related objects, the programs. Thus, we will begin with learning the syntax of the logical language, that is, what syntactically correct formulae and proofs look like. We will also learn what various syntactic constructs "say" (semantics). For example, we will learn that a formula makes a "statement". A proof also makes a statement, that every formula in it is true in some very intuitively acceptable sense. We will learn that correctly written proofs are finite and "checkable" means toward discovering mathematical "truths". We will also learn via a lot of practice how to write a large variety of proofs that certify all sorts of useful truths of mathematics. The above task, writing proofs—or "programming in logic" if you will—is our main aim. This will equip you with a toolbox that you can use to discover or certify truths. It will be handy in your studies in computer science, and in whatever area of study or research you embark upon and where reasoning is required. However, we will also look at this toolbox, the logic, as an object of study and study some of its properties. After all, if you want to take up, say, carpentry, then you need to know about tools such as hammers—their properties (e.g., hard and heavy) and limitations (e.g., unfriendly to fingers). When using the toolbox to prove theorems, you work within logic. On the other hand, when studying the toolbox, you work in logic's metatheory (in metalogic) to talk and reason about logic. People often do this kind of study with programming languages, looking at them as objects of study rather than as instruments to write programs with. For example, in an advanced course on the comparative study of programming languages one looks at several programming languages and compares them for features, suitability

THE BEGINNING

5

for certain programming tasks—for any specific task some are more suitable than others—limitations, etc. Here is another analogy: In the "real world" that we live in, one builds flight simulators, which we use to simulate flying an airplane, and in the process we learn how to do so. The real world where the simulator is built is the simulator's metatheory, where we can, among other things, study the properties and limitations of simulators and compare several simulators for features such as relative "power" (i.e., how effective or realistic they are), etc. Similarly, formal logic is built within "real mathematics", as we will see in the next section. It, too, is a "simulator" employed to write formal proofs that certify the truth of mathematical statements. These proofs imitate the kind of informal proofs one typically employs in informal mathematics but do so within a precisely specified system of notation (called language), rules, and assumptions. Thus, using formal logic is a means to learn how to write proofs—and not only formal proofs!—just as using a flight simulator is a means of learning how to fly a real plane. The metatheory of logic—the "real mathematics"—addresses questions among the deepest of which is the question of how far formal logic can go in discovering mathematical truths. Let us next look more closely at the similarity between programming languages and programming on one hand and logical languages and proving on the other, and argue that, similar as the two activities may be, the second one is a bit easier! (1) In programming, you use the syntactic rules to write a program that solves a problem. (2) In logic, you use the syntactic rules to write a proof that establishes a theorem. In the latter task you are done as soon as the proof ends. At the end of the proof you have your theorem, exactly as stated. In the former task, programming, it is not enough to just write a program! You next have to convince your boss, or your instructor, that the program indeed solves the problem; that it is "semantically correct" with respect to the problem's specification. Note that in proving a theorem you have a purely syntactic task. Once your correctly written proof ends with the theorem you were trying to prove, you are done. There is no messing about with semantics. There is another reason why programming is harder than proving theorems: Programming has to be painstakingly precise because it involves your writing instructions for a dumb machine to "understand" and follow. You must be absolutely and pedantically clear in your instructions. On the other hand, you address a proof to a human who knows as much as you do, or more, about the subject. This human will in general accommodate a few shortcuts that you may want to take in your presentation. In short, proofs are read by "intelligent" humans, while programs are read by "dumb" computers. We need to work really hard to speak at the level of the latter. Will you ever need to deal with semantics in logic? Yes! Semantics is useful when you want to disprove (or refute) something, that is, to prove that it is a false

6

THE BEGINNING

statement, a fallacy. We will talk about semantics later—three times: once under Boolean logic, once under predicate logic, and one last time in the Appendix. There are many methodologies or paradigms (and corresponding programming languages suitable for the task) for writing programs. For example (add the word programming after each italicized keyword), procedural (Algol, Pascal, Turing), functional (LISP), logic (Prolog), and object-oriented (C++, Java). Most computer science departments will expose their students to many of the above. Similarly there are several methodologies for writing proofs. For example (add the word style after each italicized keyword), equational (the one favored by [17]), Hilbert (favored by the majority of the mathematics, computer science, and logic literature), Gentzen's natural deduction, etc. My aim is to assist the reader to become an able user of the first two styles: the equational and the Hilbert style of proof. In both methodologies, an important required component is the systematic annotation of the proof steps. Such annotation explains why we do what we do, and has a function similar to that of comments in a program. Okay; one can grant that a computer science student needs to learn programming. But logic? You see, the proper understanding of prepositional logic is fundamental to the most basic levels of computer programming, while the ability to correctly use variables, scope, and quantifiers is crucial in the use of loops, and subroutines, and in software design. Logic is used in many diverse areas of computer science, including digital design, program verification, databases, artificial intelligence, algorithm analysis, computability, complexity, and software specification. Besides, any science that requires you to reason correctly to reach conclusions uses logic. When one is learning a programming language, one often starts by learning a small subset of the language, just to smooth the learning curve. Analogously, we will first learn—and practice—a subset of the logical language. This we will do not due to some theoretical necessity, but due to pedagogical prudence. This particular, "easy" subset of (the "full") logic that we will embark upon learning goes by many names: Boolean logic, prepositional logic, sentential logic, sentential calculus, and prepositional calculus. The "full logic" we will call by any of the names predicate calculus, predicate logic, or first-order logic. I like the calculus qualifier. It connotes that there is a precise way to "calculate" within logic. It emphasizes that building proofs is an algorithmic and precise process, just like programming.

Indeed, it turns out that you can write a program, say, in Pascal, that will accept no input, but if it is allowed to run forever it will print all the theorems of logic (and not just those of the Boolean variety)—and never print a non-theorem!—in some order, possibly with some repetitions (cf. A.4.7 on p. 270). 7

7

We will soon appreciate that there are infinitely many theorems in logic.

THE BEGINNING

7

Equivalently, we can write a program that is a theorem verifier. That is, given as input a theorem, the program will verify that it is so, in a finite number of steps. If the input is a non-theorem, our verifier will decline an answer—it will run forever. Thus, proving theorems is a mechanical process] Digression: The above assertion is an example of a true assertion about the logic, not one that we can prove using exclusively the tools o/logic as a tool. It is a metatheorem of logic as we say, not a theorem. The proof of this metatheorem requires techniques much more powerful than— indeed external to—those that the logic provides. We will prove this metatheorem in the Appendix to Part II (A.4.6). So metatheorems are truths about the logic that we prove with tools external to the logic, while theorems are truths that the logic itself is capable of proving. There is some danger that the above statement, "proving theorems is a mechanical process", may be misinterpreted by some as one advocating that we build proofs by mindlessly shuffling symbols. Nothing is further from reality. The statement must be understood precisely as written. It says that there is a "mindless" way, a programmable way, to generate and print all possible theorems of logic, and, equivalently, also a programmable way to verify all theorems, which, however, refuses to verify any non-theorem by "looping" forever when presented with any such as input. But it is not a recipe for how we ought to behave when we write proofs. This is not the way a mathematician, or you or I, go about proving things—mindlessly. In fact, if we do not understand what is going on, we cannot go too far. Moreover, interesting, even important, as this result (about the existence of theorem verifiers) may be theoretically, it is useless practically, as we further discuss below. Our task is different. In general, we are more inquisitive. Given an arbitrary (mathematical) statement, we do not know ahead of time if it is a theorem or not. This italicized statement, the so-called decision problem of logic, is what we normally are interested in. Thus, our "verifier" is not very helpful, for if the statement that we present it as input is not a theorem, then the verifier will run forever, not giving an answer. Hmm. Can we not write a decider for logic? The answer to this is interesting, but also reassuring to mathematicians (and all theorists): Their jobs are secure! (1) For Boolean logic, we can, since the question "Is this statement a theorem?" translates to "Is this statement a tautology?" (cf. 3.2.1). The latter can be settled algorifhmically via truth tables. But there is a catch: Checking a formula (the formal counterpart of a "statement") for tautology status is an unfeasible problem. So we can do it in principle, but this fact is devoid of any practical value. 9

"That this formulation of the claim is equivalent to the preceding one is a standard result of computability. Cf. Appendix to Part II, Remark A.3.91 on p. 262. 'The term unfeasible—also intractable—has a technical connotation in complexity theory: It means a problem for which we know of no algorithm that runs in polynomial time as a function of the input

8

THE BEGINNING

(2) For predicate logic, the answer is more pleasing to mathematicians. First, there exists no decider for this logic if we expand it minimally so that it can reason about the theory of natural numbers (this is Alonzo Church's theorem, [3,4]). Second, even if one were to be satisfied simply with a verifier for theorems, then we still would have no general solution of any practical value in hand. Indeed, again considering the logic augmented so that it can "do number theory", any chosen verifier V for this logic would be extremely slow in providing answers in the following precise sense: For any choice of a step-counting function / ( n ) , there is an infinite subset, S, of the set of theorems of number theory, such that each theorem-member, T, of S that is composed of η symbols requires for its verification more than f(n) steps to be performed by V. This is a result of Hartmanis ([19]). 10

Let us stop digressing for now. In the next section we begin the study of the sublogic known as prepositional calculus. 1.1

BOOLEAN FORMULAE

We will continue stressing the algorithmic nature of the discipline of proving, just as it is the case in the discipline of programming. In particular, just as in serious programming courses the programming language is introduced via preciseformat ion rules that allow us to write syntactically correct programs, we will be every bit as serious by introducing very precisely the rules for writing syntactically correct (1) formulae and (2) proofs. Once again, the syntax of the logical language is much simpler to describe than that of any commercially available programming language. So, how does one build—i.e., what are the rules for writing down correctly— formulae? Continuing with the programming analogy, you will recall that to define a programming language, i.e., the syntax of its programs, one starts with the list of admissible symbols, the so-called alphabet. In some languages, the alphabet includes symbols such as "3,4,0, [, A, B,c,d,E,+,x, —" and "keywords"—that is, multiple-character symbols—such as if, then, else, do, begin. Similarly, in Boolean logic, we start with the basic building blocks, which collectively form what is called the alphabet (for formulae). Namely, length—or worse, we know that such an algorithm does not exist. In this case it is the former. However, there is a connection with the so-called "P vs. NP" open question (see [5]). If a polynomial algorithm that recognizes tautologies does exist, then the open problem is settled as "P = NP", something that the experts in the field consider highly unlikely. The truth table method runs in exponential time. '"For example, consider / ( n ) = 2 ". If we think of f(n), for each n, as representing picoseconds of run time of the verifier V (1 picosecond is 1 0 ~ seconds), then every member of S of length more than 4 symbols will require the verifier V to run for more than 5.70045 χ 1 0 years! 2

1 2

2 8 8

BOOLEAN FORMULAE

9

Al. Symbols for variables, called the Boolean or propositional or sentential variables. These are p, q, r, with or without primes or subscripts (i.e., p', 913, r-j" are also symbols for variables). X

We often need to write down expressions such as "A\p := B]", to be defined later (1.3.15), but do not wish to restrict them to the specific variable p. Nor can we say things such as "for any Boolean variable ρ we consider A\p := B)..." as there is only one specific pi We get around this difficulty by employing so-called metavariables or syntactic variables—i.e., symbols outside the alphabet that we can use to refer to or point, generally, to any variable. We adopt the names for those to be the boldface p, q, r with or without primes or subscripts. Thus pgj names any variable p, q,r'",q'g , etc. Rarely if ever in this volume will we need to use more Boolean metavariables than these two: p , q. S7

We can now use the expression "for every Boolean variable ρ we consider A[p := B\..." referring to what ρ names rather than to ρ itself. Two analogous examples are, from algebra, "for every natural number n" (n is not a natural number!) and, from programming, where we might say about Algol, "for each variable x, the instruction χ := χ + 1 means to increase the value of χ by one." Again, χ is not a variable of Algol; X13, YXZ99, though, are. But it would be meaningless to offer the general statement "for each variable X13, the instruction X13 := X13 + 1, etc." since X13 is a specific variable of the Algol syntax. The programming language metavariable χ allows us to speak of all of Algol's variables collectively! On the other hand, the expression "for every Boolean metavariable" refers to the set of metavariables themselves, {p, q, r^g, . . . } and will be rarely, if ever, used. The expression "for every Boolean metavariable p " is as nonsensical as "for every Boolean variable p". A2. Two symbols for Boolean constants, namely Τ and 1. These are pronounced variously in the literature: verum (also top, or symbol "true") and falsum (also bottom, or symbol "false " ). 11

A3. Brackets, namely, ( and ). A4. "Boolean connectives", namely, the symbols listed below, separated by commas -.,A,V,->,=

Let us denote by V the alphabet consisting of the symbols described in A1-A4. Usually, the qualifier symbol is dropped and then the context is called upon to distinguish between "true/false" the symbols vs. "true/false" the Boolean values of the metatheory (introduced in Section 1.3). In particular, cf. Definition 1.3.2 and Remark 1.3.3. 1 1

10

THE BEGINNING

1.1.1 Remark. (1) Even though I say very emphatically that p,q, r, etc., and also Τ and ± , are just symbols, —the former standing for variables, the latter for constants—yet, I will stop using the qualification symbols, and just say variables and constants. This entails an agreement: I always mean to say symbols, I just don't say it. (2) Most variable symbols are formed through the use of "subsymbols"—such as 0,1,2,'—that are not members of the alphabet V themselves; e.g., p"{ 4. This does not detract from the fact that each variable (name) is a single symbol of V, entirely analogously with, say, the keywords of Algol if, then, begin, for, etc. (3) Readers who have done some elementary course in logic, or in the context of a programming course, may have learned that ->, V are the only connectives one really needs since the rest can be expressed in terms of these two. Thus we have deliberately introduced redundancy in the adopted set of connectives (i) above. This choice in the end will prove to be user-friendly and will serve our aim to give a prominent role to the connective =, in the axioms and in rules of inference (Section 1.4). • 12

003

1.1.2 Definition. (Strings or Expressions; Substrings) We call a string (also word or expression), over a given alphabet, any ordered sequence of the alphabet's symbols, written adjacent to each other without any visible separators (such as spaces, commas, or the like). For example, 00660 is a string of symbols over the alphabet {a, b, c,0,1,2,3} (note that you don't have to use all the alphabet symbols in any given string, and, moreover, repetitions are allowed). Ordered means that the position of symbols in the string matters; e.g., αα6 φ aba. We denote arbitrary strings over the alphabet A1-A4 by string variables, i.e., names that stand for arbitrary or specific strings. Specific strings, or string constants, are sometimes enclosed in double quotes to avoid ambiguity. For example, if we say 13

14

Let A be the string aab. we need to know whether the period is part of the string or not. If it is not we symbolically indicate so by writing Let A be the string "aab ". If it were part of the string, then we would have written instead Let A be the string "aab.". String variables—by agreement—will be denoted by uppercase letters A, B, C, D, Ε, P, Q, R, S, W etc., with or without primes or subscripts. In particular, since Boolean expressions (and theorems) are strings, this naming is valid for this special case, too. Some logicians put it more emphatically: "meaningless symbols". "E.g., "let A be any string". E.g„ "let A stand for (-.(ρ Λ q))".

12

14

BOOLEAN FORMULAE

11

The major operation on strings is concatenation, that is, juxtaposition. To concatenate the strings (named) A and B, in that order, is to form the string (named) AB that consists of the symbols in A, from left to right, immediately followed by the symbols in B, from left to right. Thus, if A is aab and Β is 00110, then AB is αα&ΟΟΠΟ. Clearly, concatenation is an associative operation, i.e., (AB)C = A(BC). Hence, when we omit brackets, as we normally do, and simply write ABC, there is no ambiguity since wherever we may insert the brackets that we "forgot" makes no difference! There is a very special string that we call the empty string and denote by e (this being a specific string, a constant, we deviate from the naming convention A, B, C,... above). What is special about it is that it contains no symbols, so that At = tA = A. "B is a substring of A" means that for some strings C and D we have A = CBD. For example, over the alphabet {a, b] we have that α is a substring of aab. Indeed there are two occurrences of α in aab as substrings: A first (shown boxed) is justified by noting aab = efq~|ab and a second is justified by noting aab = α[α~|6· • We can build all sorts of expressions over our Boolean alphabet V, such as pp,pqr, -Ά, (r —• r), and a lot of others. Some such strings (e.g., the last one above) are well-formed-formulae (in short, wff), the rest being gibberish. Hmm. How can we tell? For example, if we asked an unsuspecting (not logically trained) passerby which of the following are "well-formed" p= p ((pVq) = q) = {(pAq)=p) we would have no right to expect any better than lucky guesses from him (we can check, by asking him "why?" in each case). So, how can we tell? The obvious (silly) answer would be, "Why not tabulate all formulae? Then we can check any string for formula status by table look-up. If the string is in the table, then it is a formula; otherwise it is not a wff." Of course this is silly, for we cannot write down an infinitely long table such as a table of all formulae would be. We must find a way to define a set of infinitely many strings (the formulae) by a finite text. Pause. Can we do such a thing? Absolutely. We will give a precise process that every time it is applied builds a formula, and will never build a nonformula. Moreover, it is "general enough" so that if it is applied over and over, for ever, it will build all formulae. We are ready to define formula-calculation. 1.1.3 Definition. (Formula-Calculation or Formula-Parse) We will call formulacalculation (or formula-parse) any finite (ordered) sequence of strings that we may write respecting the following three requirements:

12

THE BEGINNING

(1) At any step we may write any symbol from Al or A2 of the alphabet (p. 9). (2) At any step we may write the string (-Ά), provided we have already written the string A. (3) At any step we may write any of the strings (Α Λ Β), (A V Β), (A —• Β), (A = Β), provided we have already written the strings A and B. • 1.1.4 Example. In the first step of any formula-calculation, only requirement (1) of Definition 1.1.3 is applicable, since the other two require the existence of prior steps. Thus, in the first step, we may write only a variable or a constant. In all other steps, all the requirements (l)-(3) are applicable. Here is a calculation (the comma is not part of the calculation, it just separates strings written in various steps):

Verify that the above obeys Definition 1.1.3. Here is a more interesting one: P,Q, (pV«), (pAq), ((Ρ A q)

((pVo) = ρ), Ξ ρ),

(((ρ

V

q) = q) Ξ ((ρ Aq)

= p))

•

1.1.5 Definition. (Boolean Expressions or wff or Formulae) A string A over the alphabet A1-A4 will be called a Boolean expression or a well-formed-formula iff it is a string written at some step of some formula-calculation. The set of Boolean expressions we will denote by WFF. A member of WFF is often called a wff (a formula). • 15

1.1.6 Remark. (1) The idea of presenting the definition of formulae as a "construction" or "calculation" goes at least as far back as [2, 21]. (2) We used, in the interest of user-friendliness, active or procedural language in Definition 1.1.3 (i.e., that we may do this or that in each step). A mathematically more austere (hence "colder"(!)) approach that does not call upon anyone to write anything down—and does not speak of "steps"—would say exactly the same thing as Definition 1.1.3 rephrased as follows: 16

A formula-calculation (or formula-parse) is any finite (ordered) sequence of strings, Αχ, A2, • • •, A such that—for all i = 1,...,η—Αι is one of: n

(I) Any symbol from Al or A2 (II) (-Λ), provided A is the same string as some Aj, where 1 < j < i "if and only if Exactlyas[21]does. l6

BOOLEAN FORMULAE

13

(III) Any of the strings (Α Α Β), {A V Β), {A -» Β), {A = B), provided A is the same string as some Aj, where 1 < j < i and Β is the same string as some Ak, where 1 < k < i (it is allowed to have j = k, if needed) (3) There is an advantage in the procedural formulation 1.1.3. It makes it clear that we build formulae in stages (or steps), each stage being a calculation step. In each step where we apply requirement (2) or (3) of 1.1.3, we are building a more complex formula from simpler formulae by adding a Boolean connective. Moreover, we are building a formula from previously built formulae. These last two remarks are at the heart of the fact that we can prove properties of formulae by induction on the number of steps (stages) it took to build it, or more simply, by induction on its "complexity" (that is, the total numbers of connectives in the formula, counting repetitions; see next section). • The concluding remark above motivates an "inductive" or "recursive" definition of formulae, which is the favorite definition in the "modem" literature, and we should become familiar with it: 1.1.7 Definition. (Alternative (Recursive) Definition of WFF) The set of all wellformed-formulae is the smallest set of strings, WFF, that satisfies (1) All Boolean variables are in WFF, and so are the symbols Τ and _L. We call such formulae atomic. (2) If A and Β are any strings in WFF, then so are the strings (->A), (A A B), (A V β ) , (A —• β ) , (A = B). • 1.1.8 Remark, (a) Why "recursive"? Because item (2) in 1.1.7 defines the concept formula in terms of (a smaller, or earlier, instance of) "itself: It says, in essence, "... (A V B ) is a formula, provided we know that A and Β are formulae. ..." 1 7

In programming terms, confronted with, say, the 3rd subcase of case (2) of the definition, we "call" the definition recursively, twice, to settle the questions "Is A a wff?" and "Is Β a wff?" If "yes" for both, then we proclaim that (A V B) is a wff. (b) Part(l)in 1.1.7definesthemostbasic,mosttrivialformulae. This part constitutes what we call the Basis of the inductive (recursive) definition, while part (2) is called the inductive, or recursive, part of the definition. (c) 1.1.7 and 1.1.5 say the same thing, looking at it from opposite ends: Indeed, suppose that we want to establish that a given string D is a formula. If we are using 1.1.5, we will try to build D via a formula-calculation, starting from atomic Each of A and Β are substrings (cf. 1.1.2) of (Α ν B), so they are "smaller" than the latter. They are also "earlier" in the sense that we must already have them—i.e., know that they are formulae—in order to proclaim (Av B)a formula. l7

14

THE BEGINNING

ingredients and building as we go successively more and more complex formulae until finally, in the last step, we obtain D. If on the other hand we are using 1.1.7, we are working backwards (and build a formula-calculation in reverse!). Namely, if D is not atomic, we try to guess— from its form—what was the last connective applied. Say we think that it was —>, that is to say, D is (A —» B) for some strings A and B. Now we have to verify our guess! This requires that the strings A and Β are formulae. Thus, taking each of A and Β in turn as (a new, smaller) "D" we repeat this process. And so on. This is a terminating process since the new strings we obtain (for testing) are always smaller than the originals. Of course, I did not prove here that the two definitions define the same set WFF. But they do!

18

Technically, the term smallest is crucial in 1.1.7 and it corresponds to the similarly emphasized iff of 1.1.5. A proof that the two definitions are equivalent is beyond our syllabus. • 1,1.9 Example. Let us verify using 1.1.7 that ((ρ V q) V r) is a formula. call#l We guess that the rightmost "V" is the last to apply; thus, using (2) in 1.1.7 we must now verify that (ρ V q) and r are formulae. Well, r is by (1) in WFF. However, (ρ V q) leads to call #2. call #2 Again, using (2)—this time we do not need any guessing; there is only one connective—we must verify that ρ and q are formulae. This is so by (1) in 1.1.7. When we use Definition 1.1.7 to verify that a string is a formula, we say that we parse the string top-down. On the other hand, when we build the formula using Definition 1.1.5, then we are parsing it bottom-up. Can we parse the above string in another top-down way? Obviously, our recursive call to the definition hinges around one of the two "V" symbols in the string. We must guess which is "the right one" (as the last connective to apply). Why is the leftmost connective not "right"? Here is where metamathematical analysis comes in: The leftmost connective will work as the "last one to apply" iff (according to 1.1.7) "(p" and "q) V r" are both formulae. The metamathematical analysis of formula syntax (see next section) 19

I only hand-waved to that effect, arguing that for any string D in WFF, 1.1.5 builds a calculation the normal way, while 1.1.7 builds it backwards. I conveniently swept under the rug the case where D is not in WFF, i.e., is not correctly formed. I know that the separation of "mathematics" from "metamathematics" is at first tricky. Think of the hammer analogy: You do "theory" (or "mathematics" or "logic") when you use the hammer. On the other hand, when articulating a principle such as "It is inevitable that I will hit my finger with the hammer", then you are doing an analysis of the hammer's behavior. You are doing "metatheory" (or "metamathematics" or "metalogic"). Similarly, you do logic when you generate a formula according to 1.1.5, or backwards according to 1.1.7. However, articulating principles such as "There is only one way to parse a formula", or "Every formula has balanced brackets", studies, does not build, formulae and thus lies within the metalogic. l8

,9

BOOLEAN FORMULAE

15

tells us that every formula must have a balance of left and right brackets. So none of these two is a formula, and therefore the leftmost V cannot be the last connective to apply.

•

In the course of a formula-calculation (1.1.3), we write some formulae down without looking back (step of type (1)). Some others we write down by combining via one of the connectives Λ, V, —>, = two formulae A and Β already written, or by prefixing one already written formula, C, by -i. In terms of the construction by stages, the formula built in this last stage had as immediate predecessors A and Β in the first case, or just C in the second case. One can put this elegantly via the following definition: 1.1.10 Definition. (Immediate Predecessors) None among the constants Τ and _L, or among the variables, have any immediate predecessors. Any of the formulae {Α Λ Β), (A V Β), (A —> Β), (A = Β) have A and Β as immediate predecessors. A is an immediate predecessor of {^A). Sometimes we use the acronym i.p. for immediate predecessor. • It turns out that a formula uniquely determines its i.p. We give a proof later (1.2.5). 1.1.11 Remark. (Priorities) In practice, too many brackets make it hard to read complicated formulae. Thus, texts (and other writings in logic) often come up with an agreement on how to be sloppy, but get away with it. This agreement tells us what brackets are redundant—and hence can be removed— from a formula written according to Definitions 1.1.5 and 1.1.7, still allowing the formula to "say" the same thing as before: (1) Outermost brackets are redundant. For the remaining two cases, it is easiest to think of the process in reverse: How to reinsert correctly (as per Definition 1.1.5) any omitted brackets. (2) Any other pair of brackets is redundant, if its presence (as dictated by 1.1.5) can be understood from the priority, or precedence, of the connectives. Higher-priority connectives bind before lower-priority ones. That is, if we have a situation where a subformula A of a formula has already been reconstructed as per 1.1.5, and is claimed by two distinct connectives ο and o, among those in (*) below, as in " . . . ο A ο ...", then the higher-priority connective "glues" first. This means that the implied brackets are (reinserted as) " . . . ο A) ο . . . " or " . . . ο (A ο ..." according as ο or ο has the higher priority, respectively. 20

The order of priorities (decreasing from left to right) is agreed to be:

21

-.,A,V,-.,=

(*)

A subformula of a formula β is a substring of Β that is a formula. Other agreements for priorities are possible. I offered the one that most people use. But remember: It is only an agreement, which means (1) we must stick to it, and (2) it is neither "more right" nor "more wrong" than any alternative agreement. 2 0

2 1

16

THE BEGINNING

(3) In a situation like " . . . ο Λ ο ..."—where A has already been reconstructed as in 1.1.5, and ο is any connective listed in (*) above, other than -•—the right ο acts before the left. Thus the implied bracketing is " . . . ο (A ο...". Similarly, in

is short for (—>(—>yl)).

We say that all connectives are right associative. It is important to emphasize: (a) This "agreement" results in a shorthand notation. Most of the strings depicted by this notation are not correctly written formulae, but this is fine: Our agreement allows us to decipher the shorthand and uniquely recover the correctly written formula we had in mind. (b) I gave above the convention that is followed by 99.9% of writings in logic, and in (almost) all programming language definitions (when it comes to "Boolean expressions" or "conditions"). (c) The agreement on removing brackets is a syntactic agreement. In particular, right associativity says simply that, e.g., ρ V q V r is shorthand for (ρ V {q V r)) rather than ((ρ V q) V r). However, no claim is either made or implied that (ρ V (g V r)) and ((ρ V g) V r) mean different things. At this point meaning (Boolean values) has not yet been introduced. When it is later on, we will easily see that (pV(gVr)) and ((pVg)Vr) mean the same thing. • 1.1.12 Example, ρ stands for p. ->p stands for (->p). ρ —> q —» r stands for (p —> (g —» r)). If I want to simplify ((p - > ? ) - > r), then (p —» g) —> r is as simple as I can get it to be. ->p Λ q V r is short for (((-•ρ) Λ g) V r). If in the previous I wanted to have -• act last, and V to act first, then the minimal set of brackets necessary is: ->(p Λ (g V r)). • A connection with things to come in a degree program in computer science. Any set of rules that tell us how to correctly write down strings constitutes a socalled grammar. Formal language theory studies grammars, the sets of strings that grammars define (called formal languages), and the procedures (or "machines") that are appropriate to parse these strings. In an introductory course on "automata and formal language theory", a student learns about formal languages. Such a student would quickly realize that Definition 1.1.7 is, in effect, a definition of a grammar for the "language" (i.e., set of

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

17

strings) WFF. He would utilize a neat notation, such as 22

Ε :~A\{E

Λ

V E)\(E

Ξ

E)\{-<E)

A ::=T|±|p|o|r|p'| ... where Ε stands for (Boolean) Expression, A for Atom, "::=" is read as "is defined to be" and " | " is read as "or", separating alternatives in an "is defined to be"-list. Thus, the first line says, in English, "A (Boolean) expression is defined to be an atom, or '(' followed by an expression, followed by 'Λ' followed by an expression followed by ' ) ' , or, etc." The second line defines atom as any of the constants or the variables (note the separating or's).

1.2

INDUCTION O N T H E C O M P L E X I T Y O F W F F : S O M E E A S Y PROPERTIES OF WFF

Suppose now that we want to prove that every A G WFF has a "property" £P. The technique is to associate a natural number with each member of WFF and prove the property by induction on numbers. The most obvious number one may associate with a formula A is the formula's complexity: 23

1.2.1 Definition. (Complexity of a Formula) The complexity of a formula is the number of connectives—counting repetitions—occurring in the formula. • 1.2.2 Example. Note that we can read the complexity accurately even if we write formulae in least parenthesized notation. Every atomic formula has complexity 0. The complexities of ρ —• q —> p ' , -ιρ V q V s, and ->p Λ p' V ρ" —» (ρ"' = q) are 2, 3, and 5 respectively. Brackets do not contribute to complexity. • A crash course on induction. First off, let us recall what we call strong or courseof-values induction on the natural numbers (also known as complete induction): Suppose that &(n) is a property of the natural number n. To prove that £P(n) holds for all η Ε Ν it suffices, in principle, to prove for the arbitrary η that ί?(η) holds. What we mean by "arbitrary" is that we do not offer the proof of ^(n) for some "biased" η such as η = 42, or η even, or η with 105 digits, etc. If the proof indeed 24

Known as BNF notation, or Backus-Naur-Form notation. "x 6 y" is shorthand for the claim "x is a member of the set y", also pronounced "x belongs to y" or "x is in y". N denotes the set of all natural numbers { 0 , 1 , 2 , 3 , . . . } . Thus "for all η e N" is elegant notation that says "forn = 0 , 1 , 2 , 3 , 22

2 3

24

18

THE BEGINNING

has not cheated by using some property of η beyond "n e N", then our proof is equally valid for any η e N; we have succeeded in effect to prove &(n),for all η € Ν. Now the above endeavor is not always easy. It would probably come as a surprise to the uninitiated that we can pull an extra assumption out of the blue and use it toward proving ^(n), and that when all is said and done this process is as good as if we proved &>(n) without the extra assumption! This out-of-the-blue assumption is that 3»(k) holds for all k < η

(I)

or, another way of putting it, that the history or course-of-values of ^"(n), &>{ΰ),3»{\),...,&>{η-\)

(II)

holds—that is, it is a sequence of valid statements. It goes by the name induction hypothesis (I.H.), and the technique is that of "proof by strong induction". A couple of comments: (1) As before, we still have to prove !?{n) for the arbitrary n, although now we have the I.H. as extra help. (2) We note that the history, (II), of &{n) is empty if η = 0. Thus every proof by strong induction has two cases to consider: the one where the history helps, because it exists, i.e., when we have η > 0, and the one where the history does not help, because it simply does not exist, i.e., when η = 0. In summary, strong induction proofs have two cases: l.S. Where η > 0 and we are helped by the I.H. ((/) or (77) above). l.S. is an abbreviation for induction step. Basis. Where η = 0 and we are on our own! The proof for η = 0 is called the basis step of the induction. Since on occasion we will also employ "simple" induction in this book, let me remind the reader that in this kind of induction the I.H. is not the assumption of validity of the entire history, but that of just έ?(η- 1). As before, simple induction is carried out for the arbitrary n, so we need to work out two cases: when the I.H. is really there (n > 0) and when it is not (n = 0). The case of proving £?(0) directly is still called the basis of the (simple) induction. Tradition has it that in performing simple induction the majority of users in the literature take as I.H. £?(n) while the l.S. involves proving i?(n + 1). Correspondingly, we organize proofs of properties of formulae X, £?(X), into two main cases (rather three, in practice; see below)—essentially carrying out a strong induction with the complexity η of X as a "proxy". However, the complexity η of X is well hidden in the background of the argument and we do not mention it: (i) Case of atomic formulae (these are the only ones with complexity η = 0) where the proof is direct, without the benefit of the I.H.

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

19

(ii) Case of nonatomic formulae (corresponding to a complexity (of Χ) η > 0) where we will benefit from the I.H. that 3*(A) holds for all formulae A that are less complex than X (i.e., they have complexity k < n) In case (ii), if A is any formula less complex than X, we will often say that "the I.H. applies to A ", meaning precisely that "by the I.H., ^(A) holds ". Let us apply (i)-(ii) to obtain a framework of proofs by induction on the set of formulae or, as we say more simply, by induction on formulae. Now, since every proper subformula A of X has a lesser complexity than X, the I.H. applies on A. In particular, the I.H. applies on all the i.p. of X (the definition of i.p. was given in Definition 1.1.10). 25

Thus, in practice, (i)-(ii) translate into the following simple framework for proofs by induction on formulae: (a) X is atomic: Give a direct proof. (b) X has the form (-Λ). Give a proof on the assumption (I.H.) that £?(A) holds. (c) X has the form (Α ο Β)—where ο e {Λ, V, =, —>}. Give a proof for each case of ο on the assumption (I.H.) that &>{A) and &>(B) hold.

Let us now prove a few properties of formulae by induction on formulae. All the "theorems" (and their corollaries) of this section are about formulae and their syntax. They are not theorems of logic, but are metatheorems. 1.23 Theorem. Every Boolean formula A has the same number of left and right brackets. Proof. The theorem is about formulae written properly, as per Definition 1.1.5, that is, before our agreements to simplify bracketing are applied. We prove the property by induction on formulae, A. (1) Basis: A is atomic. Each atomic formula has 0 left and 0 right brackets. We are Okay. (2) A has the form (-•£?). The I.H. applies on the less complex B. So let Β have m left and m right brackets. Then A—i.e., (-•£?)—has m + 1 of each. (3) A has one of the forms (Β Λ C), (Β V C), (B -» C) and (B = C). The I.H. applies to the less complex subformulae Β and C. So let them have m left/right and r left/right brackets respectively. Thus A has m + r + 1 left, and as many right, brackets. • 25

That is, not the same string as X.

20

THE BEGINNING

Note. A string Β is a prefix of a string A iff there is a string C such that A = BC. The prefix is empty iff it is the empty string (i.e., it has no symbols in it; it has length 0). It is proper iff Α φ Β. 1.2.4 Corollary. Any nonempty proper prefix of a Boolean expression A has more left than right brackets. 26

Proof. Induction on A. Since A denotes an arbitrary formula, "induction on formulae" can be rephrased as "induction on A". Compare with "induction on natural numbers" and "induction on n". (1) A is atomic. Note that none of the atomic formulae has any nonempty proper prefixes, so we are done without lifting a finger. 5_ This is an instance of a statement being "vacuously true": The statement has a typical instance that says, "All nonempty proper prefixes of ρ have more left than right brackets." Is this true? Absolutely! If you think otherwise, then show me just one nonempty proper prefix of ρ that does not have an excess of left brackets. You cannot, because there are no nonempty proper prefixes of p. (The only nonempty prefix of ρ is p, but this is improper.) (2) A has the form (-ΊΪ). The I.H. applies to B. Well, let's check the nonempty proper prefixes of (^B). These are (quotes not included, of course): (a) "(". Okay, by inspection. (b) "(-.". Ditto. (c) "(-iC"\ where C is a nonempty proper prefix of B. By I.H. if m is the number of left and η the number of right brackets in C , then m> n. But the number of left brackets of "(-iC" is m + 1. Since m + 1 > n, we are done. (d) "(->B". By 1.2.3, Β has, say, k left and k right brackets. We are okay, since k+1>kP (3) A has the form (Β ο C)—where "o" is any of Λ, V, —>, =. The I.H. applies on Β and C. Well, let's check the nonempty proper prefixes of (Β ο C). These are (quotes not included, of course): (i) "(". Okay, by inspection. ^Corollary is jargon that mathematicians, logicians, computer scientists, philosophers—and other reasoning people—use to characterize a statement that needs proof, but whose proof follows easily from another proved statement, or from the latter's proof. One then speaks of "A is a corollary of B", meaning that A easily follows from Β (and/or B's proof). The I.H. was not needed in this step. 27

INDUCTION ON THE COMPLEXITY OF WFF: SOME EASY PROPERTIES OF WFF

21

(ii) "(£>", where D is a nonempty proper prefix of B. By I.H., if m is the number of left and η the number of right brackets in D, then m > n. But the number of left brackets of "(D" is m+ 1. Okay. (iii) "(B'\ By 1.2.3, Β has, say, k left and k right brackets. We are okay, since k + 1 > k. (iv) "(β ο ". The accounting exercise is exactly as in (iii). Okay. (ν) "(Β ο D", where D is a nonempty proper prefix of C. By 1.2.3, Β has, say, A; left and k right brackets. By I.H., D has, say, m left and r right brackets, where m > r. Thus, "(β ο D" has 1 + k + m left and k + r right brackets. Okay! (vi) " ( f i o C " . Easy.

•

The following tells us that once a formula has been written down correctly, there is a unique way to understand the order in which connectives apply. 1.2.5 Theorem. (Unique Readability) For any formula A, its immediate predecessors are uniquely determined. Proof. Obviously, if A is atomic, then we are okay (nothing to prove, for such instances of A have no i.p.). Moreover, no A can be seen (written) as both atomic and nonatomic. The former do not start with a bracket; the latter do (cf. 1.2.6). 28

Suppose that A is not atomic. Is it possible to build this string as a formula in more than one way? Can A have two different sets of i.p., as listed below? (Below, when I say "we are okay" I mean that the answer is "no", as the theorem claims.) (1) (-iC) and (~Ό)? Well, if so, C is the same string as D (why?); so in this case we are okay. (2) (-iC) and (D ο Ε), where ο is any of Λ, V, —>, = ? Well, no (which means we are okay in this case too). Why "no"? For if (-iC) and (D ο Ε) are identical strings (they are, supposedly, two ways to read A, remember?), then "-i" must be the same symbol as the first symbol of D. Now the first symbol of D is one of "(" or an atomic symbol. None matches "-i". (3) (C ο D) and (Ε ο G), where ο and ο are any of Λ, V, —», = (possibly the same symbol) and either C and Ε are different strings, or D and G are different strings, or both? Well, no! (i) If C and Ε are different, then, say, C is a proper prefix of Ε (of course, C is nonempty as well (why?)). By 1.2.4, C has more left brackets than right ones, but—being also a formula—it has the same number of left and right ^So we cannot be so hopelessly confused as to think at one time that A has no i.p. and at another time that it does.

22

THE BEGINNING

brackets (by 1.2.3). Impossible! The other case, Ε being a proper prefix of C instead, is equally impossible. (ii) If C and Ε match, then ο and ο match. This forces D and G to be the same string, since the strings (C ο D) and (Ε ο G) are the same—okay again. Having answered "no" in all cases, we are done.

•

1.2.6 Exercise. Prove that the first symbol of any formula A is one of (1) a variable (2) Τ (3)± (4) a left bracket Hint. Induction on formulae, or directly from an analysis of formula-calculations (1.1.3). •

<S><S> 1.2.7 Exercise.

In footnote 20 of p. 15 we defined the concept of subformula, saying: "A subformula of a formula A is a substring of A that is also a formula." This definition does not offer itself toward showing rigorously that, e.g., "If all the occurrences of a subformula Β of A are replaced by the same Boolean variable, say p, then the string so obtained is a formula." Do the following: (1) Try to contradict me (I said, "This definition does not offer itself toward showing rigorously that, e.g ") (2) Regardless of how you did in (1), give an inductive definition of the concept subformula. (3) Now use (2) to prove by induction on A that "If all the occurrences of a subformula Β of A are replaced by the same Boolean variable, say p, then the string so obtained is a formula." • 1.3

INDUCTIVE DEFINITIONS O N F O R M U L A E

Now that we know (by 1.2.5) that we can decompose a formula uniquely into its constituent parts, we are comfortable with defining functions (more generally "concepts") on formulae by induction—or recursion—on formula complexity, or as we rather say, "by induction—or recursion—on formulae". This recursion will define the concept as follows: 29

• (Basis) If A is atomic, we define the concept (or function) directly, depending on what we are trying to achieve. • If A is (->B), then we "call" the definition recursively to define the concept for B. Depending on the nature of the concept we then, taking the presence of -i into account, extend the concept to the entire A. Some people prefer to use the term induction for proofs, and recursion for constructions. Others do not mind using the term induction for either.

INDUCTIVE DEFINITIONS ON FORMULAE

23

• If A is (BoC), then we "call" the definition recursively for Β and C. Depending on the nature of the concept, taking the presence of ο 6 { Λ , V, Ξ , —>} into account, we extend the concept to the entire A. I will merely state that the above process is feasible because of 1.2.5, which allows us to have uniquely determined "components" of A, its i.p., on which we perform the "recursive calls". A rigorous proof that indeed the process works, that we can effect recursive definitions on sets such as WFF, which themselves have been inductively defined (1.1.7), is beyond our aims. This subject is fully considered in [54]. 13.1 Example. We consider here a simple example that shows what can happen if we attempt a recursive definition on a set of formulae that were defined in a manner that the uniqueness of i.p. was not guaranteed. This time we define simple arithmetic formulae, without variables. As an alphabet we take {1,2,3,+,x} Inductively, we define the set "arithmetic formulae", AR: AR is the smallest possible set of strings over the alphabet (I) that contains the strings of unit length, I, 2 and 3, and, moreover, if the strings X and Y are in AR, then so are Χ + Y and Χ χ Y. The strings 1, 2, and 3 are the atomic formulae of AR. The concept i.p. is defined on the formulae of AR in the obvious manner: The atomic formulae do not have any i.p., and X + Y and X xY have, each, X and Y as i.p. 1 + 2 χ 3 is an example of a formula in AR that does not have a unique i.p. Indeed, according to the definition, we have two sets of i.p. here: { 1 , 2 x 3 } and {1+2,3}. Both i.p. sets are correct. Remember that any agreement on the priority of the connectives—and we entered into no such agreement—i'j not part of the rigorous definition of formula syntax for AR, thus, let us not assume that any such agreement is implied here! -

But why do we fear the multiplicity of i.p. sets for 1 + 2 χ 3? Let us attempt to define an "evaluation" function, inductively, on the set AR. We will call it EV. Here is the "natural" definition EV: EV{\)

1

EV{2)

2

EV(3)

3

EV{X + Y)

EV(X) +

EV(Y)

EV(X χ Y)

EV{X)

EV(Y)

χ

24

THE BEGINNING

Now, what is EV(l + 2 x 3 ) ? To answer this, we need to decompose 1 + 2 x 3 into a set of i.p. so that we can next do our recursive calls of EV (see the two last cases in the definition of EV). Unfortunately, we obtain two distinct answers! First we compute according to the decomposition { 1 , 2 x 3 } : EV(l

+ 2 x 3 ) = EV(1) = EV{\)

+ EV{2 + (EV{2)

χ 3) χ

EV(3))

= 1 + (2 χ 3) = 7 Next, let us do so according to the other decomposition, {1 + 2,3}: EV(1

+ 2 x 3 ) = EV{1

+ 2) χ

EV{3)

+ £V(2)) χ

= (EV(1)

EV(3)

= (1 + 2) χ 3 = 9

•

"NaturaF', or "only"? I said earlier: "Here is the "natural" definition EV." But is there any other? Yes, infinitely many! We must get used to the idea that once we define the syntax of a set of strings—of a formal language, as we say in the theory of computation, the language here being AR—we do not have anything more than the syntax, i.e., the knowledge of the "shape" of such strings. All strings in AR are "meaningless", and their semantics (or interpretation) is totally up to us. The variety of such interpretations at our disposal is infinite. I wanted the above example to be immediately relevant to our existing knowledge, to be "natural". That is why I gave the meaning to all the meaningless symbols of alphabet (1) that anyone would likely expect. However, a "meaningless" symbol such as " 1 " may stand for infinitely many different objects of mathematics. Staying in algebra, I will mention the following (infinitely many) interpretations: The symbol may be interpreted, as here, to be the number "one", but also as the unit "2 χ 2" matrix

/I

0

V° ι or the unit "3 χ 3" matrix

or... But "unit" of some sort or another is not an intrinsic meaning of " 1 " . The symbol could stand for the number 0, or 42, or for some other mathematical object.

INDUCTIVE DEFINITIONS ON FORMULAE

25

Similarly, the meaningless symbol " + " can be interpreted as "plus" on numbers, but also as "plus" on η χ η matrices (for various n), and also as concatenation of strings, union of so-called regular expressions, etc. Similar comments hold for all the other symbols of the alphabet (1). There will be two main examples of recursive definitions in this section. The first follows the definition of the concept of state and is the inductive definition of value of a formula in a state. This leads to Boolean formula semantics. The other will be the inductive definition of substitution of a formulae into a variable, an operation that is central in the use of the "Leibniz rule" in proofs. But first, let us introduce states and Boolean semantics. As we said early on (p. 6), Boolean logic is a subset of the (full) logic on first order languages and is, mainly, a pedagogical tool, since it is "easy" and therefore its study painlessly trains us and prepares us for the study of predicate logic. Does it have any other use? Yes. We can imagine that the Boolean variables of propositional logic are "abstractions" of statements in mathematics, computer science, philosophy, etc. By the term abstraction of a statement I mean the assignment of a name—a Boolean variable—to it, purposely forgetting the intrinsic semantic content (i.e., what it says) of the original statement. As an example, we can decide the logical correctness or not of the statement 30

x=

No - >

x =

No V

y > Hi

(*)

within Boolean logic by the method of abstraction, not bothering with the fact that most of the symbols above—i.e., x, y, =, >, N , Ki—are not even in the alphabet V of propositional logic! Indeed, we abstract the elementary statements "χ = Νη" and "y > Ni", naming them, say, ρ and q. Since they are two distinct statements, I used two distinct Boolean variables. Thus (*) becomes ρ —> ρ V q (**) 0

31

and, as we will soon see, it holds independently of what hides under the names ρ and q. Two useful observations are motivated from this example on abstraction and are noteworthy: • The "object" of propositional logic is not the study of the elementary "statements" (or "propositions"), that is, of the Boolean variables and their intrinsic "semantic content". After all, variables have no intrinsic semantic content. Once we name through such a variable an "elementary"—i.e., connectivefree—substatement, we turn around and forget the meaning of the original! To put it positively, the "object" of study is, exclusively, the Boolean connectives and their behavior. E.g„ advanced texts such as [45,53] introduce predicate calculus directly and do not cover propositional logic. What makes them "elementary" is that they do not involve Boolean connectives. 30

3 1

26

THE BEGINNING

• The statements that we can abstract are not restricted to those mathematical ones (or other) that are variable-free, like "3 = 9 —> 7 > 101". E.g., the elementary statement "x = No" above depends on the variable χ and therefore whether it is intrinsically true or false is indeterminate (depending on the value of x). But this did not hinder our abstraction in any manner! Here is why: In the process of abstraction—to which we come back in detail in 4.1.25—the Boolean variables that we use as names do not inherit the semantic content of the statements they name. Thus we do not care whether the truth or falsehood of what a Boolean variable names can be determined or not! The only thing that matters is the Boolean structure of the original statement, that is, how the original statement is put together where the connectives act as "glue". In the previous example, all we needed to know was that the statement had the Boolean structure (**). The semantics of Boolean formulae is defined—in the metatheory of prepositional logic—through a process that allows us to calculate whether a formula is true or false, and this under certain conditions. Our aim below is to make precise what we mean by "conditions", and to give the process according to which we calculate the "truth value" of a formula under any conditions. As you probably know from programming courses, only two values are possible for a formula in "classical" Aristotelian logic as well as in its descendant, mathematical logic, which we study here. These two values are true and false—which we collectively call truth values. Thus we need a set of two distinct objects, which we will find outside the alphabet V, in logic's metatheory. We freeze, i.e., reserve, these two values in this volume and they will serve, to the last page, as our truth values. Our choice is the set {t, f} of truth values. We will pronounce t as true and f as false. Some programming languages, but even books on logic, use different sets of truth values, such as {0,1}. At the end of the day, neither how we write them down nor how we pronounce the truth values matters, as long as we have exactly two distinct ones! 1.3.2 Definition. A state v is a function that assigns the value f or t to each Boolean variable, while it assigns necessarily the value f to the constant _L and necessarily the value t to the constant T. We pronounce f and t "false" and "true" respectively. On the chalkboard one usually denotes them by / and t respectively. If, say, the value f is assigned to q", then we write v(q") = f. • 32

•'V for value. Alternative letter is "s" for state.

INDUCTIVE DEFINITIONS ON FORMULAE

27

1.3.3 Remark. (1) A state υ is one of the infinitely many possible "conditions" where we are interested in finding the truth value of a formula and where it is possible to compute such a value. (2) A function υ is, of course, a table of input/output values such as in

out

1

f t t f

Τ ρ

9

where no two rows contain the same input. Disobeying this condition would result in ambiguity, assigning to a variable both values f and t. By definition, a state is an infinite table, so we cannot fit it on a page. Mathematically, it is an infinite set of input/output ordered pairs. Since the truth values f and t lie outside the alphabet V (p. 9) of our logic, they are symbols that, despite the similarity of their pronunciation with that of the names of the "meaningless" formal ± and Τ respectively, are different from the latter. In particular, neither the metasymbol f nor the metasymbol t may appear in a formula! But why the fuss of assigning the values f and t to the (formal) variables and constants? How does this process give a "meaning" to the variables and constants? Why do we need the f and t? Where do they come from? Aren't these two symbols, well, just symbols? If so, what do we gain by their introduction and why are the J., Τ "meaningless" while the f and t are "meaningful"? What is their understood meaning? These are good questions! Here are some answers: • The symbols _L, Τ (but also -ι, V, Λ, =, —>) are "meaningless" in the sense that we know nothing of them besides what the axioms will lead us to know: Their behavior and properties are determined only by the axioms and the rules of writing proofs in Boolean logic. On the other hand, the symbols f and t (as well as the counterparts of ->, V, Λ, = , —>, namely, the F-,, F etc.—see the table in 1.3.4) are directly given via tables in the metatheory, as part of the elementary "Boolean algebra" that we learn in computer programming. It turns out the properties of the latter faithfully track the properties of the former, and thus in a natural way provide a "concrete" interpretation of the former. v

• An analogy may shed more light on the above discussion: Think of axiomatic Euclidean geometry. There we learn the properties of, and interrelationships between, the "meaningless" concepts of point, line and plane by rigorous proofs that are based on the axioms and proof-writing rules, but on nothing

THE BEGINNING

else. Yet, there is another, "naive", kind of geometry, analytic geometry. In this geometry, a "point" is not something abstract whose properties we wait to learn from axioms; rather, it is a concrete, well-understood object of mathematics: an ordered pair of real numbers, (x, y). Similarly, a (planar) "line" is an algebraic expression on two variables χ and y and real coefficients a, b, c: ax + by = c. One finds that properties of the abstract (or "meaningless") points and lines of the axiomatic version are faithfully tracked by those of the corresponding concepts of the "naive" versions. In this sense, the points and lines of the latter provide a "concrete" interpretation of the points and lines of the former. But why interpret? Because even if we are determined to write proofs solely based on axioms and rigid rules of logic, it aids our motivation and ability to formulate such proofs if we have a "concrete" counterpart in mind. For example, another interpretation of axiomatic geometry is that of geometric drawings, "figures" as we say. You will recall from your high school years how helpful these figures were in your formulation of proofs in geometry. The geometer M. Pasch once wrote a totally figureless monograph on axiomatic geometry, presumably to emphasize that the figures we draw in geometry are only intuitive visual aids that are theoretically redundant. Yet, it seems that the human brain does well with some sort of assistance, be it visual or some other well-understood concrete representation of abstract objects, toward understanding and formulating abstract arguments. Analogously with the above, we are often motivated and aided by our knowledge of informal Boolean algebra—that is, the set {f, t } and the various operations on it as introduced in 1.3.4 below—as we construct proofs in axiomatic logic. Interpretations of abstract concepts by concrete ones provide a powerful tool toward building counterexamples: The "faithful" nature of such interpretations means that if I can prove a statement involving abstract concepts, let us call it A, then its concrete counterpart, let us call it A', is also verifiable. Turning this around I get a very useful observation: If I believe that A is not provable, I can offer indisputable evidence for this provided I can show, in the concrete domain, that A' is false. This comment will make more sense later, in 3.1.5. Hmm. It appears that this discussion builds too strong a case for the import of the "naive" or "concrete" approach, even though early on (p. 4) I said that the abstract (syntactic) approach will be favored in this book. I quote: We will learn that correctly written proofs are finite and "checkable" means toward discovering mathematical "truths". We will also learn via a lot of practice how to write a large variety of proofs that certify all sorts of useful truths of mathematics. The above task, writing proofs—or "programming in logic " if you will—is our main aim.

INDUCTIVE DEFINITIONS ON FORMULAE

29

Yet, we noted that the concrete methods track the abstract (axiomatic) approach faithfully. They provide motivation and aid the construction of proofs. They provide definitive evidence regarding the falsehood of mathematical statements. Then why bother with the axiomatic approach? When it comes to logic, would it not be best to work exclusively with Boolean algebra instead? There are a number of reasons why the axiomatic approach has attained a prominent status, even in the undergraduate curricula: (a) There is more to logic (predicate logic of Part II) that cannot be tracked by Boolean algebra. For predicate logic the concrete counterparts are in general infinitary, i.e., deal with infinite sets and operations with infinitely many arguments, such as searching an infinite set to determine if an object belongs to it. By contrast, syntactic proofs of the axiomatic method continue to be finite processes. Where the advantage lies is clear! (b) The axiomatic method was introduced as a mind-focusing device: Focus on what matters, via axioms and rules, and discard all that is extraneous to our assumptions. The approach literally saved mathematics from the paradoxes that the purely concrete, or naive, set theory of Cantor introduced. (c) The axiomatic method makes logic—and any theory that we build upon logic, e.g., modern set theory, Peano number theory—a mathematical object, just as a programming language is a mathematical object. This allows us to use mathematical tools to study logic—and any mathematical theories built upon it—as to its power, limitations, freedom from contradiction, etc. • 1.3.4 Definition. (Truth Tables) There are five operations or functions, the Boolean functions, that take as inputs only values from the set {f, t} and produce as outputs only values in the same set. The symbols we choose for these functions, one symbol for each Boolean connective, are F-.(x), Fy(x, y), F^(x, y), F^(x,y),

F=(x,y)

and their behavior is fully described by the following table, known as a truth table. χ

y

f

f

t

f

t

t

t

f

t

t

Fv{x,y) f

f

F-*{x,y) t

t

t

f

t

f

f

t

f

f

f

f

t

t

t

t

FA(X,V)

• The following definition extends a state ν so that it can give a Boolean value, hence meaning, to all formulae. Note that originally ν gave a value only to atomic formulae.

30

THE BEGINNING

In essence, the definition gives meaning to the Boolean connectives, as it is clear from the fact that there is a case for each connective of how to compute the value. Pedantry requires that the extension of ν below be denoted by a different symbol, say v, since, after all, the extension is a much bigger table. While the original had a row only for every atomic formula, the extension has a row for every formula. But now that you know about this quibble, we feel safe to use the same symbol, "v", for both. 1.3.5 Definition. (Value of a Formula in a State v) Below I use the metavariable "p", so that the "first" equation actually represents infinitely many, one for each variable in the alphabet V: υ(ρ) = whatever we originally assigned to p ; t or f v(T) = t t/(±) = f v^A))

=

v((AAB))

=

F^{v(A)) F*(v(A),v(B))

v((AvB))=F (v(A),v(B)) v

v((A^

B))=F^(v(A),v(B))

v({A = BJ) = F=(v(A),v(BJ)

•

The symbol " = " above is the "equals" sign of the metatheory, and means that the left-hand side and right-hand side values are the same (equal). It is not a formal symbol for (at least) two reasons: (1) Our V does not include " = " (2) The definition above compares informal (metafheoretical) values (t and f). Why the above definition works is clear at the intuitive level: Lack of ambiguity in decomposing a nonatomic formula C, i.e., uniquely, as one of (-Λ), [A A B),(A\/ Β), (A —> Β), {A — B) allow us to know how to compute a unique answer. The why at the technical level is beyond our reach (the demanding reader can find a proof in [54]). The convenience of truth tables can be extended to rephrase the recursive equations in the above definition (from the 4th equation onward). For example, the 5th equation is represented in table form as AAB

A

Β

f

f

f

f

t

f

t

f

f

t

t

t

INDUCTIVE DEFINITIONS ON FORMULAE

31

The way we read the above is that for all possible values of the not necessarily atomic formulae A and Β we have listed the correct value of Α Λ Β. We do not care how A and Β actually obtained their values. Indeed, we do not care how Λ and Β are built; they can be as complex as they like. Here is an example of a definition of a "concept" regarding formulae, by induction on formulae. 1.3.6 Definition. (Occurrence of a Variable) We define "p occurs in A" and "p does not occur in A" simultaneously. Occl. (Atomic) ρ occurs in p . It does not occur in any of q, Τ, ±—where q is a variable distinct from p. Occ2. ρ occurs in (-Λ) iff it occurs in A. Occ3. ρ occurs in (Α ο Β)—where ο is one of Λ, V, —• , =—iff it occurs in A or Β or both. • 33

1.3.7 Remark. We wanted to be user-friendly (which often means "sloppy") in the first instance, and said that the above defines a "concept": "Occurs'V'does not occur". In reality, all such "concepts" that we may define by recursion on formulae are just functions. For example, this "concept" can be captured by the function "occurs(p, A)", where occurs{p, A) = 0 means " p occurs in A", and occurs(p, A) = 1 means "p does not occur in A". • 1.3.8 Remark. (Finite "Appropriate" States) A state ν is by definition an infinite table. Intuitively, the value of a formula A in any state ν should depend only on the values of the variables that occur in A and on no others. Thus, for any one A, the state could be truncated into a finite table "appropriate" just for A—defined on all the variables of A but undefined elsewhere—without altering the Boolean value of A. Such a table would have one row for each variable that occurs in A, plus the two rows for ± and Τ—which in the end can be omitted as they offer no surprises. Our intuition is correct. Here is a proof by induction on A of the relevant statement: Ifv and v' are two states that agree on the variables of A, then v(A) = v'(A), where "= " is metamathematical equality on the set {f, t}. The proof, as it must, goes back and forth among Definitions 1.3.6 and 1.3.5 while, tacitly, it is also mindful at all times of how formulae are formed, going from less to more complex ones (Definitions 1.1.5 and 1.1.10). Basis. If A is atomic, then either (1) It is a constant, and hence v(A) = v'[A) by Definition 1.3.5, equations two and three, or Needless to say, by the "iff", it does not occur exactly when we have both: It does not occur in A and it does not occur in B. ,3

32

THE BEGINNING

(2) It is p. By assumption, υ(ρ) = v'(p). Okay! Complex formulae have two main shapes: Case where A is (->C): The I.H. applies to C. We use it as follows: (1) Since (1.3.6) C and -Ό have precisely the same variable occurrences, it is that ν and v' agree on the variables of C. (2) By I.H. we get v(C) = v'(C), and so v(-^C) = v'{^C) by 1.3.5. 34

Case where A is C ο D: By Definition 1.3.6 (Occ3), each of C and D have all their variables also occur in C o D; therefore, by assumption, ν and v' agree on all the variables that occur in C and D. By I.H. v[C) = v'(C) and v(D) = v'(D). By 1.3.5, v{C ο D) = v'(Co D). This concludes the proof. • 1.3.9 Definition. (Tautologies) Boolean logic is primarily interested in those formulae that are true (t) in all possible states. Such formulae are called tautologies and because of their "shape", i.e., the way they are put together from atomic formulae, brackets, and connectives, are "always" true. We use the shorthand notation 1 = ^ A to indicate that A is a tautology. • In view of 1.3.8, when checking a formula A for tautology status, we need to check it only on all finite states appropriate for A. If and only if we find that its value in all those states is t, then it is a tautology. Thus there is a finite process to do this, however, one that at the present state of the art is ridiculously inefficient: To so check an A that has η Boolean variables (occurring in it) we need a truth table of 2" rows. Current research on the "P = NP?" question of Cook ([5]) converges toward the opinion that it is highly unlikely that we will ever have a way to check tautologyhood, deterministically, in a manner appreciably more efficient than constructing a truth table. This is one additional reason why we are interested in discovering tautologies in a different way, nondeterministically, one that allows shortcuts in the calculation by allowing the prover to guess the correct next step from a set of candidates, whenever such a choice is offered, thus avoiding having to check all possible avenues that offer themselves. These guesses, when possible, are informed by experience and human intuition and ingenuity and shorten the process of tautology verification. Enter (syntactic) "proofs" of the next section. 35

1.3.10 Example. (Some tautologies) Τ and ρ —» ρ are tautologies. The latter follows from v(p —> p) = F_(v(p),v(p)) and the truth table on p. 29. How about ρ —> q —> p? First, remember that this is sloppy for (p —> {q —> p)). Thus the last connective to act is the leftmost. ^The I.H. is invariably "assume the claim for all formulae less complex than A". As such, it deserves no explicit mention. It is not known whether there is a fast nondeterministic algorithm that verifies every tautology. But even if we discover one such, it is unlikely in view of what I said above that we can eliminate the nondeterminism without significant speed loss. 35

INDUCTIVE DEFINITIONS ON FORMULAE

33

Here's the general technique: The table below has two components. The statepart consists of the first two columns. Each row of these columns is a finite state appropriate for the formula. The value of the formula in each state is found beneath the last-to-act connective in the process of 1.1.3. To compute this value, we use the values v(p) and that of q —> p. The values of the latter are aligned under the relevant connective, the "—•" of the subformula q —> p. In general, in the value part we align the values that we compute under the connective that acted last in the subformula we are evaluating. ρ

q

ρ

->

q

(3)

0)

->

ρ

(2)

f

f

t

t

f

t

t

f

t

f

t

t

t

t

t

t

The number headings (l)-(3) above indicate the order in which the columns are built. By the way, we have just verified that (=caut Ρ —* q —* PWhat about A —* Β —> A where A, Β are arbitrary formulae? Can we settle this question without knowing the particular ways that A, Β are put together from variables, connectives, and brackets? Yes! No matter how they are put together, in any state ν we have that each of A, Β attain one of two values t or f. Thus the exact same table as the above, but this time using A, Β and A —> Β —» A as column headings, A

Β

->

Β

->

(3)

(2)

f

t

t

(1) f

A

f

t

t

f

t

f

t

t

t

t

t

t

A

settles the question: We have [ = i A—* Β —> A. We must be sure to read the above table correctly. We are not saying that we are assigning values to A and Β (we can assign values only to variables and constants). We are saying that the possible pairs of values of A and Β—in that order—no matter what state we are in, will be among the four listed in the table. Then using Definition 1.3.5 we fill in the last two columns of the table. • a u l

There are three more concepts related to tautologies that we want to introduce, but first some notation:

34

THE BEGINNING

We use the metavariables p , q, r, qg,. • • for variables, and Α, Β, E, Q for formulae. What shall we use for sets of formulae! Convention: We denote sets of formulae by certain capital Greek letters, as a rule, by those that cannot be confused with Latin letters. Thus Γ, Δ, Σ , θ will always stand for sets of formulae (such sets may have zero, one, two, three, one million, or infinitely many members). Of course, we use these letters to denote such sets if either (i) We do not care what are the members of a set of formulae or (ii) We do care, but we are going to refer to that set over and over again in an argument; thus rather than, say, writing {_L, ρ, ρ —> q,p —»-^q} over and over again, we may give it a name saying, "Let Σ stand for {±, ρ, ρ —> q, ρ -* -><j}." By the way, we must not confuse the set {A} with its member A. These are different. Think in terms of types (as in programming languages): {A} is an object of type set while A is an object of type formula. 36

1.3.11 Definition. A formula A is satisfiable iff there is at least one state ν where v(A) = t. A set of formulae Γ is satisfiable iff there is at least one state υ where for every formula A in Γ, v(A) = t. We say that ν satisfies Γ. We say that Γ tautologically implies A—and write Γ ( = A— iff for every state ν that satisfies Γ we must have v(A) = t. We call Γ the hypotheses (plural, in general) or premises of the implication, while A is the conclusion. We say that a formula A is unsatisfiable or a contradiction iff for every state v, we have v(A) = f. We say that a set Γ is unsatisfiable ifffor every state ν there is at least one A in Γ such that v(A) = f. • uut

By convention, logicians write the simpler A f=taut Β for the correct {A} (= B, and more generally, prefer to write A\,..., A \= Β rather than the correct (but pedantic) {A ,...,A } \= B. Note that intuitively, a tautology A is true, no questions asked, and must be accepted as such. On the other hand, the conclusion of a tautological implication is only relatively true, relative to the premises, that is: // we accept the premises as true, then we must also accept the conclusion as true. This relativity of truth is at the heart of mathematics. For example, if we accept Euclid's "5th postulate" as true, then we must accept that the sum of the angles of any triangle equals 180 degrees. This is a relative truth, since Euclid's 5th postulate is not an absolute truth. Accepting any one of its possible negations leads to a totally different (relative) truth regarding the sum of angles in a triangle. Uut

n

x

n

aat

aut

37

38

39

W e may also say, "Let Σ = {_L, ρ, ρ —» q, ρ —• ->g}." It states that through a point that lies outside a given line it is always possible to draw a unique line parallel to the given one. "Strictly speaking, this example lies beyond Boolean logic, since we need predicate logic in order to "speak" and do Euclidean geometry. Nevertheless it illustrates the phenomenon of relativity of truth in a familiar branch of mathematics. O n e possible negation is that you can draw two parallels (Lobachevsky). Another is that you can draw no parallels at all (Riemann). 36

37

,9

INDUCTIVE DEFINITIONS ON FORMULAE

1.3.12 Example. We can in principle verify A ,.. .,A x

p

q a state

Αι

•••

\=

n

Β

n

all t

Β via a truth table

M

A

35

must be t too

We look only at those rows that have t everywhere between the two "||" vertical dividers. We must ensure that these rows have a t under Β as well. By the way, the Ai and Β being, in general, complicated formulae, we need the "p, q,..." columns to the left of the leftmost || in order to compute the values of the Ai and Β in all states. In general, when checking Ai,...,A„ \= B, one cannot avoid building the whole truth table (or doing some equivalently laborious task) for the following reasons: (1) As we have said, at the present (and foreseeable) state of the art there is no way to check whether A is a tautology any more efficiently than it takes to build the whole truth table, in terms of the variables p, q,..., of A. (2) If we had a substantially faster algorithm for tautological implication, we could use it to also establish tautologyhood fast, since |=taut A iff Τ (=„„,, A. However, in many cases of practical interest we can do better since we need to only check the rows that have exclusively t's between the two || dividers, and ignore all the other rows. Sometimes we can identify these rows without building the whole table. For example, we can quickly see that A, Β j=taui A A Β since whenever v(A) = v(B) = t we have υ(Α A B) = t (cf. 1.3.5). We did not compute the other three rows. A more substantia) example is aat

A V Β, -Α V C \=

ailt

BvC

If this is done by the full table method we need 8 rows to compute the values of A V Β, -.A V C, Β V C for all possible ordered triples of values v{A),v{B),v{C). But instead, let us be clever: Okay; we merely need to compute the value v(B\/C) on the condition that v(ylv5) = ti(-i/lvC) = t (1) We analyze (1) according to two cases: (i) v(A) = f: By (1) and 1.3.5, v(B) = t. But then υ(Β V C) = t by 1.3.5. (\\)v{A) = t: By(l)and 1.3.5,v{C) = t. But then v(BvC) = t b y 1.3.5. • 1.3.13 Example. Here is a really important example: _L \=^ A. Well, I need to ensure that for every v, where v(±) = t, I also get v{A) = t. Since no υ satisfies v(±) = t—i.e., there are no rows to check—I am done. We have seen such situations before. The statement is vacuously true. Like before, one can explain this by saying, "The only way to refute ± \=mut A is to find a ν where υ(±) = t but v(A) = f. But such a task must fail as no ν satisfies = t." • at

36

THE BEGINNING

Here is a simple but nice exercise that you must try: 1.3.14 Exercise. (1) Show that ^=, A iff 0 [=„,„, A. (2) Show that Αι,...,Α \=^ Β iff \=tw Αχ -> A -> ... A -> β . (3) Show that Γ hum β iff Γ U {-·β} is unsatisfiable. We note here that for two sets Γ and Σ the notation Γ U Σ—called the union of Γ and Σ— denotes the set that contains every member of Γ and every member of Σ. • aut

η

Μ

2

n

We conclude this section with the definition of substitution in a Boolean expression, and with the proof of two important properties of substitution. Intuitively, the symbol" A[p := β ] " is shorthand that means—i.e., expands into— the string we get if we replace all occurrences of the variable ρ in A by the formula B. We may think of this operation as defining a function from formulae to strings: Input: Α, ρ, B; output: the string denoted by A[p := B). In order to read the following definition of substitution correctly, we emphasize that the "operation" [ρ := β] takes place in the metatheory and has the highest priority against all other "formal operations", i.e., the Boolean connectives -ι, Λ,ν,—>,=:. For example,-Ά[ρ := β] means ->{A[p := β ] } , where the symbols " { , } " are here meta-brackets inserted to indicate the order of application of "operations". Naturally, because of its placement, this operation is Ze/r-associative, so that A\p := B][q := C] means {A[p := B]}[q := C}. 1.3.15 Definition. (Substitution in Formulae) In whatfollows, "=" denotes equality in the metatheory, here between strings. The definition states the obvious: (1) It handles the basis cases in the trivial manner, and (2) when A is actually built from i.p. (cf. 1.1.10), it says that we substitute into each i.p. first, and then apply the connective. As we usually do in definitions we are careful not to use formula abbreviations. All brackets are present. Note the use of metavariables. ifA = p if A = q (where ρ Φ q), or

β A A[p := β] = (^C[p:=B}) { (C[p := Β] ο D[p := β])

A = T , or A = J. if A = {-

where ο is one of Λ, V, — = .

•

We state and prove two easy and hardly unexpected properties of substitution: 1.3.16 Proposition. For any formulae A and Β and variable ρ, A\p := β] is a (well-formed!) formula. 40

A proposition is a theorem—here, metatheorem—that did not quite make it to be called that. You see, people reserve the term theorem, or metatheorem, for the "important" or earth-shattering stuff that

4 0

PROOFS AND THEOREMS

37

Proof. Induction on A, keeping an eye on Definition 1.3.15. Basis. If A is atomic, then we get either A or Β formula; okay in either case. Complex formulae have two main shapes: A is (->C): The I.H. applies to C, thus C[p := B] is a formula. Then so is (-.C[p := B\) by 1.1.7. A is ( C o D): The I.H. applies to C and D, thus C [ p := B] and D[p := β] both are formulae. Then so is (C[p := Β] ο Z)[p := β ] ) , again by 1.1.7. • 13.17 Proposition. If ρ does not occur in A, then A[p := B] = A, where for convenience we once more use " = " as metamathematical equality of strings. Proof Again, by induction on formulae A: Basis. A can only be one of q (q Φ ρ), Τ, or ± , by Definition 1.3.6. Then, by Definition 1.3.15 (2nd case), A\p := B] = A. Okay, so far. Complex formulae have two main shapes: A is (-iC): Does ρ occur in C ? No, by assumption (it does not occur in A) and definition of occurrence (1.3.6). Now, the I.H. applies to C , thus C [ p := B] = C. We are done by 1.3.15, case 3. A is (C ο D): By 1.3.6 (Occ3) ρ occurs neither in C nor in D. The I.H. applies to both these subformulae; thus C[p — B] = C and D[p := B] = D, and we are done by 1.3.15, case 4. • 1.4

P R O O F S AND T H E O R E M S

We are ready to develop a calculus that we may use to write down theorems. We will learn to "calculate theorems" just as we have learned to "calculate" ( = "parse") formulae. Boolean logic is a (crude) vehicle through which we formulate and establish mathematical truth. This truth is captured absolutely (tautologies) or relatively to certain premises (tautological implications). Thus, when we do Boolean logic, our main task is to discover and verify tautologies, and more generally, to discover and verify tautological implications. We have already remarked that the presently known mechanical ways to check for tautology status as well as to verify tautological implications are hopelessly inefficient, and that there is every indication that an efficient tautology (or tautological implication) checker will never be discovered. One turns to utilizing human ingenuity and experience—in other words, utilizing (educated) guessing—toward effecting serious shortcuts in the process of certifying tautologies and tautological implications. This guessing (or "nondeterministic") we prove. All else that we prove are just propositions (or lemmata—singular: lemma) if they have just "auxiliary status", just like FORTRAN subroutines; or they are corollaries, if they follow trivially—more or less—from earlier results.

38

THE BEGINNING

process of certifying tautologies and tautological implications is syntactic rather than truth table driven (semantic) and is called theorem proving. The theorems that we will learn to prove with this new syntactic technique will be either absolute truths (tautologies) or truths that are relative (conclusions of tautological implications) to certain assumptions that we have accepted. Our major concern as we are founding this syntactic proof calculus will be to ensure that whatever tools we utilize are capable of certifying all absolute and relative truths, and only those. That is, these tools will never "certify" a falsehood as a "theorem". Our degree of success in implementing these requirements will be assessed later (Section 3.1 will assess the promise for only those, while 3.2 will assess the one for all). As I said before, I kind of like the terms calculate theorems and theorem calculus as they remind us that proving theorems is a precise syntactic (synonym for formal, i.e., depending only on form) algorithmic process. This observation is the origin of the alternative name of equational logic of [11]: calculational logic. However, most logicians and mathematicians would proclaim that they "proved" (rather than "calculated") a theorem and would rather call a theorem-calculation a proof. 41

First off, a theorem-calculation or proof h a finite sequence of formulae, entirely analogous to formula-calculations. Each formula occurring in a proof will be called a theorem. The specifications of formula-calculations are the following two: (1) A formula-calculation must start with the simplest possible kind of formula: one that is "primitive", i.e., atomic. (2) Every operation that extends the formula-calculation must preserve the property "formula": either it is the trivial operation of writing down an atomic formula, or it is an operation that acts on previously written formulae and produces a formula. Entirely analogously, as it flows from the preceding discussion in this section, the specifications of theorem-calculations are the following two: (1') A theorem calculation must start with the writing down of a formula that is among the simplest possible theorems—a "primitive theorem" for which the validation process is simply to write it down! We call such a formula an axiom. (2') Every operation that extends the theorem-calculation must preserve the property "theorem"; thus, it is either the trivial act of writing down another axiom, or it is applied to already-written theorems, resulting into a new theorem. Since a theorem calculation must certify truth, these nontrivial operations, or rules, must preserve truth. Technically, whenever they are applied to formulae A\,...,A and yield a formula β as a result, it is necessary that they obey A\,... ,A (= „, Β. n

n

ω

We have two types of axioms: The logical axioms are certain well-chosen absolute truths; therefore, they are certain tautologies. The other type we will call special axioms, but also assumptions or hypotheses. These are not fixed outright, but 42

•"Later there will be a weakening of this somewhat dogmatic statement. The qualifier well-chosen will be revisited later. 42

PROOFS AND THEOREMS

39

may change from discussion to discussion. They are not deliberately chosen to be absolute truths, but are formulae that we "accept as true" (cf. discussion on relativity on p. 34) simply because we are interested to explore what sort of (tautological) conclusions we may draw from them. In intuitive terms—since the quest for theorems is the quest for "mathematical truths", absolute or relative—the axioms are our initial truths. Our rules of reasoning will allow us to derive further truths from, and relative to, the axioms. The nontrivial operations that lengthen proofs (cf. (2') above) are called rules of inference. To achieve the purely syntactic character of proofs, the rules of inference are applied in a manner that the input/output relation is purely syntactic. For example, one of the two primitive rules, soon to be introduced, applies to any formulae of the forms A and A = Β and "outputs" B. The rule does not care about which specific formulae A or Β stand for, nor about the semantics of any of A,B,A = B. The only thing that the rule cares about is that it "sees" as input an equivalence on one hand, and the first formula of this equivalence on the other. It immediately "knows" that it must "output" the second formula of the equivalence. 43

44

45

In order to describe the rules of inference, we need formula schemata (or, simply, schemata). A schema is a string in the metatheory (i.e., outside logic) over the augmented alphabet that along with V (p. 9) includes the symbols "[", ":=", and "]", and all the syntactic variables for formulae and Boolean variables. The syntactic structure of a schema is, by definition, such that if we replace all the syntactic variables that occur in it by any specific formulae and variables, as appropriate, then the result names a formula of WFF. 46

1.4.1 Definition. (Schema Instance) An instance of a schema is the formula we obtain if we replace all its metavariables with specific objects (formulae/Boolean variables) as appropriate. • Here are some examples of schemata: (1) A: It is a formula-metavariable; if we replace the letter "A" by some formula, well, we get that formula as the result! (2) (A = B): This schema has two formula-metavariables, A and B. Whatever formulae we may replace A and Β with, we get a formula by 1.1.7. (3) A[p := B): This schema has two formula-metavariables, A and B, and a Boolean metavariable, p. Whatever formulae we replace A and Β with, and whichever Boolean variable replaces p, we get a formula by 1.3.16. For this reason, I suppose, some people call them temporary assumptions. However, temporaryh not a technical term. For example, Euclid's 5th postulate has no expiry date. Yet it is not an absolute truth. ^The qualification chosen is picked purposely: I do not want to rule out as special axioms any that, either by accident or on purpose, have been chosen to be tautologies. Analogously, when we defined the notation Σ Haut A, quite correctly we did not forbid the case where some formulae of Σ may be tautologies. W e will encounter many derived rules. These are not "given" or postulated up front, but we prove their validity. ^Schema, plural schemata (and, incorrectly but often, schemas), is Greek for form and figure. 43

45

THE BEGINNING

40

We often write the rules of inference as "fractions", like Pi,P2,...,P

n

(R)

Q

where all of P\,... ,P ,Q are formula schemata. We call the "numerator" the premise (case η = 1) or premises (case η > 1) and the "denominator" the conclusion or result of the rule. Instead of premises we also say hypotheses or assumptions. The Pi and Q are syntactically related so that one can mechanically check this input/output relation by simply looking at the form of the Pi and Q. We have already noted an example of this mechanical applicability of a rule such as Α, Α Ξ Β Β The input/output relation of a rule need not be "functional"; that is, the result of a rule need not be uniquely determined by the hypotheses (cf. Leibniz rule below). n

It is obvious why a rule is expressed in terms of schemata rather than specific formulae. Schemata allow a rule to be applicable to infinitely many formulae. If conclusion and premises were specific formulae, then there would be just one case where the rule would be applicable, which would hardly qualify it to be called a rule, a term that creates the expectation of applicability to a vast number of cases. Here is an analogy: The input/output relation on numbers "in:3 / out:9" is not a rule, but "in:a; / out:x " is. 2

How a rule like (R) above is applied will be clear in Definition 1.4.5. Let us finally introduce the two primitive rules of Boolean logic that we will adopt in this volume. 1.4.2 Definition. (Rules of Inference) The following two are our primitive or primary rules of inference, given with the help of the syntactic variables A, B, p, C: Infl

Β C[p := A] = C[p := B]

(Leibniz)

Inf2 A,A = B Β

(Equanimity)

An instance of a rule of inference is obtained by replacing all the letters A, B, C and ρ by specific formulae and a specific variable respectively. • The rule names conform to those in [17]. 1.4.3 Remark. (1) Why primary! Do we also have "secondary rules"? Yes. We will soon learn that we can apply additional rules in a theorem-calculation, which are not mentioned in the definition of proof below (1.4.5) because they are not theoretically

PROOFS AND THEOREMS

41

necessary toward defining proof and theorem. Such additional rules are not to be arbitrarily added to our toolbox without question. Instead, we will show before adding them, via a rigorous mathematical argument, that we are allowed to use them. This "allowed" means that there is nothing we can prove using these additional rules that we cannot prove without them. We call such additional rules derived rules, or secondary rules. Compare, once again, with programming languages. Some general-purpose procedural languages were designed not to contain the instruction goto because it was considered "harmful" by some influential computer scientists in the 1970s (cf. [10], which, arguably, started it all)—but not by all (cf. [28]). Nevertheless, one can prove that goto can be simulated by the originally given instructions. It is a "derived" kind of instruction in those goto-less languages. Harmful or not, one will agree that adding one more tool does add to convenience, in general. (2) Other than the "restriction" that the A, B, C and ρ are metavariables of the agreed-upon kind, there is no other restriction on the letters. In particular, we have no assumption on whether ρ actually occurs in C of the Leibniz rule. Either way, it is all right. (3) We have already discussed the mechanical nature of Inf2. That also Infl is mechanically applicable is clear: Once we have written "A = B", we can pick any formula C whatsoever and any variable ρ and construct the output, first effecting two substitutions and then connecting the results with the connective " = " in the indicated order. Note that the Leibniz rule is not functional: Infinitely many different outputs are possible for a given input A = B. • We now turn to our choice of axioms. Schemata; again. We noted already that the axioms will be "initial truths", and as such they will be selected tautologies. Suppose then, for the sake of discussion, that one of the tautologies of choice to attain axiom status is ρ Ξ p. But how about q = ql Or how about ρ V p' = ρ V p' and, indeed, how about (p V p' Ξ ρ V ρ') = (ρ V ρ' Ξ ρ V ρ')? AH these have the same form, namely A = A, where A stands for an arbitrary formula. Naturally, if we want to include ρ = ρ, then we will want to include all those tautologies that have the same "shape", A = A, as well, since surely they all state the same (absolute) principle: "Every statement is equivalent to itself." If this is a "truth" worth postulating, then it would be absurd to do so just for one of its special cases, just for the variable p. There are two main ways to achieve this generality: (1) The "modern" and rather obvious way: Rather than saying, "include ρ Ξ ρ and q = q and ρ V ρ' Ξ ρ V p' and (ρ V ρ' Ξ ρ V ρ') Ξ (ρ V ρ' Ξ ρ V ρ') and ...", we say, "include the schema A = A' This means include all instances of A = A (cf. 1.4.1). 1

42

THE BEGINNING

(2) The "old" way: "Include just ρ = ρ; however, add a new primary rule of inference called substitution." This rule

Α ^ Β ]

when applied to the formula "p = p" (that is, take A to be ρ Ξ ρ and ρ to be p) will be able to generate, by successive applications, all possible tautologies of the form B =

B.

There is a catch: Once you add rule (Sub) as a primary rule, you have to awkwardly hedge when writing proofs. The rule cannot be used in a theorem-calculation unless you know that the variable ρ does not occur in any formulae that are special axioms. This restriction in turn makes a very useful tool that we will soon obtain and learn to use—the deduction theorem—hard to state and even harder to apply. Thus, the old way is rightfully abandoned. In particular, we will not have any use for (Sub). 41

We next present the list of logical axioms for Boolean logic. The list is infinite, but because of the use of schemata it can be presented by a finite table. That is, there are only finitely many different forms of tautologies that we need to take as our starting point. These are largely the ones in [17] with a few adjustments. What the axioms do is to codify the most basic properties of the connectives. The following list both presents (in partially parenthesized notation ) and names the axioms. 48

1.4.4 Definition. (Logical Axioms of Boolean Logic) In what follows, A,B, C denote arbitrary formulae: Properties of= Associativity of Ξ Symmetry of Ξ

((A = B) = C) = (Α Ξ (Β = C ) )

(1)

(A = B) = (B = A )

(2)

Properties of J_, Τ Τ

vs.

_L

Τ Ξ Ι Ξ Ι

(3)

Properties of -> Introduction of -•

->A = A = _L

(4)

Properties of\l The current edition of [17] uses the old approach in Boolean logic (their Chapter 3) but switches to the modern approach for predicate logic (Chapters 8 and 9). One may assume that by the time the authors decided that the approach with schemata is better it was too late in terms of publication deadlines to rewrite Chapter 3 with schemata. •"•Recall that brackets associate from right to left.

47

PROOFS AND THEOREMS

Associativity of V

[A

Symmetry of V Idempotency of V Distributivity of V Over =

V

Β)

C = A

V

[Β

V

C)

(5)

Ay B = BV A

(6)

AV A = A

(7)

A\J{B

Excluded Middle

V

43

= C) = AVB

= A\JC

A V -Ά

(8) (9)

Properties of A Golden Rule

AAB

=A=B=AVΒ

(10)

Properties of —> Implication

A^> B = Av B = B

(11)

We will reserve the capital Greek letter "lambda", Λ, to denote the set of all logical axioms. This set is, of course, infinite. • The axioms of Λ, here, however, formulated in their schemata edition, are those that are customary in the "equational" (or "calculational") approach to doing logic, as presented, e.g., in [17] and [32], but with some minor differences—besides the essential one that [17] does not use schemata. For example, [17] uses Τ = A = A instead of (3). Moreover, our choice for (4) is natural, and hence easy to remember: It intuitively says "negating A is tantamount to saying that it is false" {A = _L). But [17] adopts instead a different axiom that eventually implies our (4): I quote it, but in schema form, "->(A = Β) = -Λ = B". This being intuitively less clear is also less memorable than the rest. We are ready to calculate! (Compare with Definition 1.1.3 and Remark 1.1.6(2).) 1.4.5 Definition. (Theorem-Calculations—or Proofs) Let Γ be an arbitrary, given set of formulae. A theorem-calculation (or proof) from Γ is any finite (ordered) sequence of formulae that we may write respecting the following two requirements: In any stage we may write down Prl Any member of Λ or Γ Pr2 Any formula that appears in the denominator of an instance of a rule Infl-Inf2 as long as all the formulae in the numerator of the same instance of the (same) rule have already been written down at an earlier stage We may call a proof from Γ by the alternative name Γ-proof.

•

1.4.6 Remark. (1) By definition, a Γ-proof is a purely form-manipulation construction without any reference to semantic concepts, such as t, f, etc. (2) We will call Γ the set of special axioms (Λ contains the "general" axioms). Special axioms are also called hypotheses or assumptions. Clearly, while Λ is reserved and "frozen" in the first part of this book, Γ can vary from subject to subject.

44

THE BEGINNING

(3) Any member of Γ that is not also in Λ we will call a nonlogical axiom. (4) Since any theorem-calculation from some Γ is a finite sequence of formulae, only a finite part of Γ and Λ may appear in such a calculation. This is entirely analogous with what happens in a formula-calculation: Each uses only a finite number of formal variables even though we have an infinite supply of those. • 49

1.4.7 Definition. (Theorems) Any formula A that appears in a Γ-proof is called a Γ-theorem. We write Γ I- A to indicate this. If Γ is empty (Γ = 0)—i.e., we have no special assumptions—then we simply write h A and call A just "a theorem". Caution! We may also do this out of laziness and call a Γ-theorem just "a theorem" if the context makes clear which Γ φ 0 we have in mind. We say that A is an absolute, or logical theorem whenever Γ is empty. • (1) Clearly, the symbol "h" of the metatheory formulates the predicate "is a theorem". (2) Definition 1.4.7 says that a formula is a theorem on one and only one condition: It occurs in some Γ-proof. We say that such a proof proves A from Γ, or from the hypotheses (of)T. In the common parlance of mathematics we may also say that "Γ derives A". (3) Note how in the symbol "h A" we take Λ for granted and do not mention it to the left of h 1.4.8 Remark. Thus, a Γ-proof of a formula A is a sequence of formulae B\,...,

B , A, C\,..., n

C

m

obeying the requirements stated in 1.4.5. It is trivial that if we discard the "tail" part " C i , . . . , C " of the sequence, then m

B ...,B ,A u

n

(1)

is still a proof. The reason is that every formula in a proof is either legitimized outright—without reference to any other formulae—or is legitimized by reference to formulae to its left. Thus (1) also proves A, since A occurs in it. This technicality allows us to stop a proof as soon as we write down the formula that we wanted to prove. • So, 1.4.7 tells us what kind of theorems we have: 1. Anything in Λ U Γ .

50

2. For any formula C and variable p, the formula C[p := A] = C[p := B], provided A = Β was written down already, and therefore is a (Γ-) theorem. 49

,n

That is, it does not speak about logic itself; logic does not need this axiom in order to function properly. We explained the notation "Λ U Γ" in 1.3.14 on p. 36, item (3).

PROOFS AND THEOREMS

45

3. Β (any B), provided A = Β and A were written down already and therefore are both (Γ-) theorems. Hey! The above is a recursive definition of (Γ-) theorems, and is worth recording (compare with Definition 1.1.7). 1.4.9 Definition. (Theorems, Inductively) A formula £ is a Γ-theorem iff Ε fulfills one ofThl-Th3 below: Thl £ i s i n A u r . Th2 For some formula C and variable ρ, Ε is C[p := A] = C [ p := B], and (we know that) A = Β is a (Γ-) theorem. Th3 (We know that) A = Ε and A are (Γ-) theorems.

•

1.4.10 Remark. (Theorem vs. Metatheorem) In the expression Γ h A, "A" is the theorem, not "Γ I- A". After all, a theorem by definition has to be a single formula that appears somewhere in some proof (1.4.7). So what is "Γ h A" then? It is a weiatheorem. It is a statement that we are making about our logic, about what the logic can do, if we take all the formulae in Γ as assumptions. It says, "there is a proof, which from assumptions Γ proves A." But how does one establish the validity of such a meta-result as quoted immediately above? By proving within Boolean logic—according to Definition 1.4.5, that is— the theorem A using assumptions Γ. This action does two things at once: It proves A (from Γ) and it also metaproves the statement ΓI- A. Nevertheless, people are mostly shy of such distinctions and it has become acceptable practice to say (by abuse of language) things like "I proved Γ I- A " all the time. See also the start-up comment in the next chapter. • 1.4.11 Exercise. So that you can check your understanding of the concepts proof and theorem, show (i.e., present proofs) that (1) A V- A, for any A. (2) A more general form of (1): If A is a member of Σ—also written "A € Σ"— then Σl· A. (3) h B, for any axiom B. • 1.4.12 Remark. (Hilbert Proofs) A Γ-proof is also called a Hilbert proof after the name of the great mathematician David Hilbert, who essentially was the first serious proponent of the idea to use logic to do mathematics. Hilbert also helped to found modern logic in an axiomatic and rigorous setting, and defined the concept of proof, essentially as above. 51

"There are some inessential differences. Hilbert used a different set of logical axioms, and a single rule of inference.

46

THE BEGINNING

In practice we write a Hubert proof vertically on the page, i.e., one formula on top of the other, numbering every formula. It is imperative that we provide annotations to explain what we are doing at every step and why. The numbering assists us in referring to previous formulae. All proofs, whether they are in the Hubert style or in the equational style (the latter style will be introduced shortly), must be annotated. • 1.4.13 Example. (Some Very Simple Annotated Hubert Proofs) (a) We will verify that "A, A = BVB" for any formulae A and B. Thus we need to write a formal proof of Β using A and A = Β as hypotheses (cf. 1.4.10). The part "for any formulae A and B" makes this result applicable to infinitely many instances, one for each specific choice of A and B. It is therefore a metatheorem schema. We could have said instead, "prove the schema Α, Α Ξ Β h B", a formulation where the part "for any formulae A and B" is redundant. The same comment applies to any theorems (and metatheorems) that we will prove where we have letters to stand for arbitrary formulae. Let us establish (a) now. Make sure you memorize the style! This is how you will write your own Hubert proofs. Every line must be numbered and annotated!

(1) (2) (3)

A

(hypothesis)

A = Β (hypothesis) Β

((1) and (2) and Equanimity)

Worth stating. It is clear from Definition 1.4.5 that assumptions can be scrambled. So we have also established Α Ξ Β, A h Β by the very same proof. Can we also swap A and Β in Α Ξ B? It turns out that we can. But the above proof does not address this question: after all, Β Ξ A is never mentioned. It is a fatal error to say, "but is not ' = ' symmetric? I can see that it is so from the truth table of p. 29." No; you see, we have not connected our syntactic proofs with semantics yet. Until such time, the only things that we may assume that we can do must directly follow from 1.4.5 in connection with our axioms and rules of inference. (b) We next (meta)prove Α Ξ Β h C[p := Α] Ξ C[p := B].

(1) (2)

(hypothesis)

A = B C[p := A] = C[p

B\ ((1) and Leibniz)

Hmm. Is there a pattern here? Indeed there is! Any rule like (R) of p. 40 leads to the statement of provability Pi,

Pi,

,Pn^Q

as the proof PuPi

•,Pn,Q

PROOFS AND THEOREMS

47

establishes. This once we have written a Hilbert proof horizontally and without annotation, in order to expedite the obvious. That this is a {Pi, P 2 , · • · , P }-proof of Q is clear: Referring to Definition 1.4.5 we see that writing Pi, P2,..., P (indeed doing so in any order if we wish) is legitimate by Prl. Then following this by writing Q is also legitimate by an application of rule (R) on the previously written formulae. n

n

This is why in some of the literature (e.g., [43]) rules of inference are written as in (R ) above rather than in "fraction form". Tradition has it that derived rules of inference are always written in the style (R ). After all, such a rule is a (meta)provable principle and says that from certain assumptions we can prove a certain conclusion. 1

1

(c) We (meta) prove a derived rule of inference, called transitivity. It is A = B,B = C\- A = C

(Transitivity)

Here it goes: (1)

A = Β

(hypothesis)

(2)

Β = C

(hypothesis)

(3)

(A = Β) = (Α Ξ C) ((2) and Leibniz, denom. "A = p " where ρ is fresh)

(4)

A= C

((1) and (3) and equanimity)

What's this about "fresh"? This means that ρ does not occur in any of A, B, C. Actually, all I need here is that it just does not occur in A, but it takes less space to say it is fresh in the annotation, so I can fit it in one line! I want ρ not to occur in A so that when I do "(A = p)[p := B] = (A = p)[p := C\" I am guaranteed that I get line (3). If ρ does occur in A then the substitutions will change A and I will not get line (3)! See also 1.3.17. Pause. But what if I cannot find a fresh p? Actually, I always can, since I have an infinite supply of variables, while only finitely many appear in A, B, C. (d) We next prove the theorem (schema) A = A. Note that I mentioned no assumptions. This is an absolute result. Another way to say this is "metaprove I- Α Ξ A", or if you hate to say "meta", say instead, "establish that h A = A" or "show that h A = A". (1)

A V A = A (axiom)

(2)

A = A

((l)andLeib: A[p := Av A] = A[p := A] where ρ is fresh)

A few remarks: (i) We may use any logical axiom of the form " . . . = · · · " in place of A V Α Ξ A in the above proof. By the way, this is our first proof where we used a logical axiom. (ii) For logical axioms our annotation will just be "axiom". For special axioms, our annotation will always be "assumption" or "hypothesis".

THE BEGINNING

48

(iii) We do not need to name the axioms (idempotent, etc.) in our annotations, and certainly I do not want you to memorize their numbers in the list! (What if I scramble the list?!) But we must be truthful. Writing, say, "A = B" and annotating "axiom" will not get us anywhere. (iv) Rules must be named, and we must annotate how they are applied! In what follows we will make a habit of abbreviating rule names. For example, "Leibniz" will be Leib and "Equanimity" will be Eqn. Transitivity will be Trans. In the next chapter we systematically prove several theorems (in almost all cases schemata) and metafheorems to enrich our toolbox and enhance our familiarity with the methodology. We also introduce the equational style of proof. •

1.5

ADDITIONAL E X E R C I S E S

1. Which of the following are Boolean formulae? Why? (Do not use any general principles; just try to give a good reason based on the definition of formulacalculation (1.1.3)). •

ρ

• (Ρ)

• Τ • V • P-*( A V £?)". Prove that every formula is tautologically equivalent to one that contains no constants (±, T) and moreover, the only connective in it is J.. 20. Let us introduce a new Boolean connective Τ by "A | Β means ->(ΑΛ Β)". Prove that every formula is tautologically equivalent to one that contains no constants (_L, T) and moreover, the only connective in it is T-

CHAPTER 2

THEOREMS AND METATHEOREMS

2.1

MORE HILBERT-STYLE PROOFS

Before we begin. A word on the use of the headings "theorem" and "metatheorem". In what follows we will prove several theorems and a few metatheorems. Some of the theorems will be absolute (no assumptions beyond logical axioms used) and some will be relative. These will be tersely stated with headings like "theorem" and the text of the result will have the format "h A" or "Γ h A" respectively. The theorem in each case, announced by the heading "theorem", is just "A" (cf. the discussion in Remark 1.4.10); thus the heading is purposely abusing terminology—but this conforms with normal practice. On occasion we will establish statements of the form "if Γ h A, then also Σ h £?". This type of result will be a metatheorem that will appear with such a heading.

2.1.1 Metatheorem. (Hypothesis Strengthening) If Γ h A and Γ C Δ, then also Ah A. Note. Γ C Δ means that every formula of Γ also occurs inside Δ. Mathematical Logic. By George Tourlakis Copyright © 2008 John Wiley & Sons, Inc.

51

THEOREMS AND METATHEOREMS

52

Proof. Any Γ-proof of A is also a Δ-proof, for whenever the legitimacy of writing down a formula Β in the proof is by virtue of Β being in Γ, then this precise step would also be legitimate if we were composing a Δ-proof, since Β is also Δ. The other two legitimate reasons for writing a formula down are independent of our choice of assumptions (cf. 1.4.5). • 2.1.2 Remark. In particular, if h A, then also Γ h A for any set of formulae Γ. This is because 0 C Γ vacuously. • 52

2.1.3 Exercise. Prove the content of the above remark not as a corollary of 2.1.1 but directly from 1.4.7 or 1.4.9. • 2.1.4 Metatheorem. (Transitivity off-) Suppose that we have Γ h B\, Γ h B , Γ h B . Suppose, moreover, that we also have B\,..., B h A. Then Γ h A. 2

n

n

Proof. By assumption we have Γ-proofs (cf. 1.4.8) (1) ,B

(2)

2

(n) We also have a B j , . . . , B -proof n

(n+1)

•,A

We now concatenate all proofs (l)-(n) (in any order will be fine) and append to the end of the result proof (n + 1) to form the sequence • · ·, B\ ...,B

2

,...,

. · ·, Bi

·> ·

·

• Ϊ

..., B

n

, ...,A

(*)

In (*) every formula C satisfies either Case 1 or Case 2: Casel: Is in a sequence among (l)-(n). Thus C is either written outright (because it is in Γ U Λ) or because it follows from a previous formula, via Eqn or Leib. This "previous" consideration is localized in the sequence ((i), i = 1 , . . . , n) where the formula belongs. Case2: Is in the sequence (n + 1). Thus C is either written outright (because it is in Λ or is one of the Bj) or because it follows from a previous formula, I trust that you cannot think of any member of 0 that is not in Γ. "The boxes are inserted to improve readability.

52

MORE HILBERT-STYLE PROOFS

53

localized in the sequence (n + 1), via Eqn or Leib. We would like to say that (*) is a Γ-proof and rest the case. The only part above, while checking the sequence for legitimacy, that may bother us momentarily is the underlined part in Case 2 above: Writing Bi outright is fine for a B\,..., B -proof but may not be for a Γ-proof since we have no guarantee that Bj is in Γ. n

No problem: Any Bi that is written down in the . . . , A\ (last) segment of the sequence {*) is legitimate in the Γ-proof context. Indeed, it was already legitimized as the last formula of the . . . , Bi\ segment. So (*) is a Γ-proof, and thus A is a Γ-theorem. • 2.1.5 Remark. The above metatheorem makes derived rules of inference usable. While primary rules, by definition (1.4.5), are applicable to any formulae that appear in a proof, it was not a priori clear that this applies to derived rules such as "A = B,B = C \- A = C". Now it is. Any proof that looks like . . . , A = Β, . . . , Β ΞΞ

C, . . .

...,B

B,...

or like = C,...,A

=

can be, if it fits our purposes, continued as ...,A

= B,...,B

= C,...,A

= C

...,B

= C,...,A

= B,...,A

= C

or

respectively.

•

Metatheorem 2.1.4 has a very important corollary: 2.1.6 Corollary. If Γ U {A} h Β and also Γ h A, then Γ h B. The notation Γ U {A} was introduced in 1.3.14(3). A shorter form of it often used in writings in logic is "Γ + A". Proof. The proof of Β from Γ U {A} utilizes, besides A, only a finite number of formulae from Γ—because every proof has a finite number of steps, so it can use only finitely many formulae. Say the formulae used from Γ are C i i C-i,

C$,...,C

n

Thus the proof of Β is from {Ci,C ,C ,... 2

,C , A], that is,

3

n

C C ,C ,...,C ,AhB u

2

3

(1)

n

Since for any D in Γ we have Γ h D (cf. 1.4.11), it follows that rhC

1 )

ri-C ,rhC a

3 )

... rhC )

n

(2)

THEOREMS AND METATHEOREMS

54

Statements (1), (2), and the given Γ h A jointly satisfy the hypotheses of 2.1.4. Thus we have at once that Γ h B. • 2.1.7 Corollary. / / Γ U {A} h Β and also h A, then Γ h B. Proof. By 2.1.1, the hypothesis h A can be replaced by Γ h A Corollary 2.1.6 concludes the argument. • Corollary 2.1.6 essentially says that in a proof (from Γ) we are allowed to write down, not only (1 )-(3), that is, (1) any axiom, (2) any member of Γ, (3) any result of an inference rule applied to already-written-down formulae, but also we may write down (4) any Γ-theorem (like A above). In other words, the corollary justifies the legitimacy of quoting or using in proofs already-proved theorems without having to prove them all over again every time we need to use them! 2.1.8 Exercise. Show that Γ U {A} h Β and also Δ h A, then Γ U Δ h B.

•

All the preceding metatheorems in this section, and the exercise above, are independent of the choice of logical axioms and rules of inference as is clear from their proofs. We next turn to theorems and metatheorems relating to " Ξ " . 2.1.9 Theorem, h (A = (Β Ξ C)) = {(A =

B)=C)

Note. This is the mirror image of axiom schema (1). Proof. (1)

{(A = B) = C) = {A={B

(2)

({{A = B) = C)^(A=(B^

= C))

(axiom)

C)))

= ((A = {B = C)) = {{A = B) = C)) (axiom) (3)

[A={B

= C)) = {{A = B) = C)

((1,2) + Eqn)

•

2.1.10 Remark. The above theorem/axiom (1) pair allows us to insert brackets in any way we please in a chain of Ξ signs, or not insert them at all, since it does not matter one way or another. 54

If you believed, as you should, what I have just said above, then you may skip this part. Strictly speaking, the pair of 2.1.9 and axiom (1) deal with a chain of two = signs. The general case can be dealt with by (strong) induction on the length (i.e., ^Recall that "Α Ξ Β Ξ C" is the least-parenthesized notation for "(A to 1.1.11.

= (B = C))" according

MORE HILBERT-STYLE PROOFS

55

number of Ai) in the chain. The basis (n = 3) being settled as noted, we turn to the case of η > 3, where we want to show that h A = A = ••• = A Ξ ^AuA2,...,Anj x

2

(0)

n

The notation "(A , A ,..., A )" indicates, solely for the purposes of the exposition here, an =-chain of Ai in the order given, where brackets (other than the indicated outermost pair) are arbitrarily placed (we do not care how). Of course, the left-hand side implies that brackets are present and inserted from right to left (cf. 1.1.11). We have two cases pertaining to the right-hand side of (0), and these depend on where the last = was inserted (last in a formula-calculation of (Ai, A?,A ), that is): x

2

n

n

Case l :

55

The right-hand side of (0) is (omitting outermost brackets) A\ = D

where D denotes the Ξ-chain (A ,...,

A ).

2

n

(1)

By the I.H.

hA = •••= A = D 2

(2)

n

By 1.4.9, using the above in an application of Leibniz with "denominator" Αχ = ρ (ρ fresh) I obtain

h [A, = (A

Ξ

2

• · ·

= A ))

= [A, = D)

n

which, by right associativity of =, is (0). Case 2 :

56

The right-hand side of (0) is (omitting outermost brackets) (A ...,A )=E u

where k > 1 and Ε denotes (A i,..., A ). cases, Ε is nonempty, i.e., k < n. By the I.H. k+

Η

A

(3)

k

n

By the comment that led to the two Ay

= (A = • • • = A ) = (A ,...,

l

2

k

(4)

k

x

By 1.4.9, an application of Leibniz with "denominator" ρ = Ε (ρ fresh) yields from ("numerator") (4): h ([A

x

= (A, = --- = A )) = E) = ((A k

u

...,A ) k

= E)

(5)

By Theorem 2.1.9, I-

(A, = ((A = -.. = A ) = E)) = ((A, = (A 2

k

The last inserted = is the leftmost. The last inserted = is not the leftmost. Same as "I- A\ = • • • = A = (A\,..., only for emphasis; cf. 1.1.11.

2

Ξ

· · · =

A )) = k

E)

(6)

55

56

57

k

A )". k

The brackets around Ai = • · · = A

k

are inserted

56

THEOREMS AND METATHEOREMS

Remembering 2.1.5, and using 1.4.9 with an application of the derived rule (Trans) (p. 47), (5) and (6) yield r- (A = ((A = --- = A ) = E)) = ((A x

2

u

K

...,A )=E)

(7)

k

By Case 1, h Αι Ξ • · · = A • • · Ξ A -! =A = k

n

n

(Ar = {{·•• = A ) = • £ ) ) k

(8)

thus, by an application of 1.4.9 and (Trans) on (7) and (8), we get (0). Thus, in a chain of any number of = signs, we insert brackets merely to visually suggest what we have in mind, but for no other reason, as they have been shown to be redundant. • 2.1.11 Theorem. (The Other Equanimity) B,A = BV A Proof. (1)

Β

(hypothesis) (hypothesis)

(2)

A= Β

(3)

(Α Ξ Β) Ξ (Β Ξ A) (axiom)

(4)

Β = Α

((2, 3) + Eqn)

(5)

Α

((1,4) +Eqn)

•

The original primary "Eqn" says that if I assume an equivalence and the left formula of the equivalence, then I can conclude the right. This derived rule says that if I assume an equivalence and the right formula of the equivalence, then I can conclude the left. In all that follows we will call "Eqn " either the primary (Inf2) or the derived one without notice. 2.1.12 Theorem. 1- A = A Proof. We have already proved this schema in 1.4.13. We have stated it here again because it is important. • 2.1.13 Exercise. We proved the above using Leib and the trick that A[p := B] expands to A if ρ does not occur in A. This time, prove the result without the trick, but be careful not to introduce any circularities in your proof! • 2.1.14 Corollary, h ± = _L Proof. This is a specific instance of the theorem schema above. It is one of our very few examples of "theorems" as opposed to (the majority that are) "theorem schemata". •

MORE HILBERT-STYLE PROOFS

57

2.1.15 Corollary, l· Τ Proof. (1)

T = l = l (axiom)

(2)

±~±

(absolute theorem, cf. 2.1.6)

(3)

Τ

((1) and (2) and Eqn)

•

Worth Repeating: (Γ-) theorems can be inserted in any (Γ-) proof just like axioms are. This is due to Corollary 2.1.6 and has been employed above. In the above case Γ = 0. 2.1.16 Theorem. (Eqn + Leib Merged) C\p := A], A = Β I- C*[p := B] Proof C[p := A]

(hypothesis)

(2)

A= Β

(hypothesis)

(3)

C[p := A] = C[p := B] ((2) + Leib)

(4)

C[p:=B]

(1)

((1,3) +Eqn)

•

In our annotations we will call the above derived rule, whenever used, "Eqn/Leib" or "Leib/Eqn". 2.1.17 Remark. (Equivalent Logics) A Boolean logic is determined by its language, its logical axioms and its rules of inference. Fixing the language, two different choices of the remaining tools lead to two "different logics" as we say. These are equivalent if and only if they have exactly the same theorems. That is, one can do with the first set of tools precisely what one can do with the second. Compare with programming languages: There is a theorem (one can encounter this theorem in a variety of courses, including possibly data structures, or theory of computation) that the pair of instructions "if . . . then . . . else . . . " and "goto . . . " have exactly the same power as the pair "if... then . . . else . . . " and "while . . . do . . . " . That is, whatever one can do (i.e., program) using one, one can do using the other. How does one prove such results? By simulation. One proves that each set can simulate or "implement" the other. Back to logic, we just saw that Eqn and Leib can simulate "Eqn/Leib", so whatever we can do (i.e., prove) using the Eqn/Leib we can also prove using Eqn and Leib—i.e., our original logic. It turns out that, conversely, Eqn/Leib can simulate each of Eqn and Leib. Thus if we were to make an about face and drop Infl and Inf2 and adopt instead Eqn/Leib as our only primary rule, keeping the same logical axioms, we would get precisely the same theorems in the new logic as in our current logic. The new logic would be equivalent to the original ([32] uses Eqn/Leib as primary).

58

THEOREMS AND METATHEOREMS

While we will not do that, and will continue as planned with Infl and Inf2 as the primary rules—where Eqn/Leib is just a derived rule—it is nevertheless instructive to see the truth of my claim. (I) Simulation of Eqn by Eqn/Leib: (1)

A

(2)

A = Β (hypothesis)

(3)

Β

(hypothesis) ((1, 2) + Eqn/Leib: A is p[p := A] and Β is p[p := B}}

(II) Simulation of Leib by Eqn/Leib: Preparatory discussion: We want to (meta)prove A = Bh C[p := A] = C\p := B] using the axioms, but no rule other than Eqn/Leib. So we pick arbitrary A,B,C and p. Let us also pick a q that is not ρ and does not occur in any of A, C. Clearly, the substitution C[p := A] has the same result as C[p := q][q := A}. * That is, first change ρ into q everywhere in C and, after that, change q everywhere in the resulting formula into A. Similarly, the substitution C[p := B] has the same result as C[p := q][q := B\. 5

(1)

A = Β

(2)

C[p := A\ = C[p := q][q := A] (theorem (2.1.12); cf. discussion above)

(3)

C[p := A] = C[p := q][q := B\ ((1, 2) + Eqn/Leib)

(hypothesis)

In view of the preparatory remarks, the formula in line (3) is C[p := A] = C[p := B] as needed, and line (2) is (c[p (c[p

:= A] = C[p := q]^ [q := A] while line (3) is

•— A] = C[p := q]^ [q := B] as required for the proper application of

Eqn/Leib. By this I mean the requirement that "[p := A}" and "[ρ := B]" each apply to the same entireformula, not to some part thereof. Note that the assumption on q and A, C guarantees that q does not occur in C[p := A] and therefore C\p := A][q := A] and C[p := A][q := B] each give the same result as C\p := A}. Fatal Error! In the proof above, 2.1.12 was used to metaprove Leib (Infl), yet Leib was used to prove h Α Ξ A (cf. (d) on p. 47). So the above is an invalid (circular) proof! Not really. It is not a circular proof because 1- A = A is directly provable from Eqn/Leib and the given axioms! (I just wanted to tease you a bit.) Here's how:

1

(1)

A V A = A (axiom)

(2)

A V A = A (axiom)

(3)

A= A

(Eqn/Leib + (1,2): The "C-part" is ρ Ξ A—fresh p)

You don't believe me? Then do Exercise 2.1.18.

•

MORE HILBERT-STYLE PROOFS

59

2.1.18 Exercise. Prove by induction on the complexity of C that if q is not p , nor does it occur in C, then for any formula A, C[p := A] and C[p := q][q := A] have the same result. • We conclude the section with some simple but important results. 2.1.19 Theorem, h A = A = B = B Note. By earlier remarks that hinge on the associativity of " = " (cf. axiom (1) and Theorem 2.1.9 as well as Remark 2.1.10), the above can be read in various ways: I- (A = Α) ξ (Β = Β), h- A = (Α ξ (Β ξε Β)), l· ((A = A) = Β) ~ Β, Υ- Α = (Α =. Β) = Β, etc. In the end, one will read it in the most convenient (goal-driven) way. Proof. Brackets below are inserted for clarity so as to drive our argument: (1)

(A = Β = Β) = A

(2)

{{A = Β = Β) = A} = (A = [A = Β = β ) ) (the same axiom)

(3)

A = {A = B = B)

(axiom)

((1) + Eqn)

2.1.20 Corollary. \- L = L = Β = Β andV- A = A =

•

= A-

Proof. Directly from the previous theorem schema, the first time making A specific (namely, ±), the second time making Β specific. • Of course, there is nothing in a name, and the corollary can be reformulated as "h 1 Ξ ± = A = Α ΆηάΥ- A = A = ± = _L". 2.1.21 Corollary.(RedundantTrue) h J = A = Aandh A = A = J Proof. (1)

T = l = l

(axiom)

(2)

1 = L = A~A

(abs. theorem)

(3)

T = A= A

(Trans+ (1,2))

As for the other one, (1)

Τ ΞΑ Ξ A

(2)

( τ = A = A} = [A = A = τ) (axiom)

(3)

Α = Α = ύ'

(abs. theorem above)

(Eqn+ (1,2))

•

2.1.22 Remark. The import of "redundant true" is mostly felt in equational proofs that we will introduce in the next section. These proofs exploit the rule Leibniz in a process of "replacing equivalents by equivalents". Thus if we view our theorem schema "A = A = T" as "A = (A = T)" we see that—in terms of replacing

60

THEOREMS AND METATHEOREMS

equivalents by equivalents—A is as good as A = T. Thus in an expression such as "A = T" the part " = T" can be eliminated; it is "redundant" and its elimination simplifies the expression we are trying to prove. Conversely, it is often convenient to introduce " Ξ Τ " (or "Τ Ξ ") replacing A by A = Τ (or Τ = A). • We state two easy (but again, important) metatheorems that flow directly from "redundant true" (2.1.21): 2.1.23 Metatheorem. For any Γ and Α, Γ h A iff Γ h Α Ξ Τ. Proof. Only if. From \-A = A = TwegetT\-A^A = Tby hypothesis strengthening (2.1.1). Then, from Γ h Α, Γ h A = Α Ξ Τ, and {A, A = A = T} h A = J (Eqn) we get Γ I- A = Τ by transitivity of h (2.1.4). //: From Τ\-Α = Ύ,Τ\-Α = Α = Ύ, and {A = T,A = A = 1'}Y-A (Eqn) we get Γ I- A by transitivity of h (2.1.4). • 2.1.24 Remark. The import of 2.1.23 lies within the special case AY- A = T : Whenever we work with (special) assumptions, any such assumed formula A can be replaced via Leibniz by T. We will see applications of this remark in the next section. • 59

2.1.25 Metatheorem. For any TandA,B,ifThAandThB,

then Γ 1- A = B.

Proof From Γ h A = Τ, Γ h Τ Ξ Β, and Trans (using 2.1.4). 2.2

•

EQUATIONAL-STYLE P R O O F S

In algebra and trigonometry we often prove identities by calculating, systematically replacing equals for equals, thus—assuming the calculation started with a known identity—preserving equality at every step. For this to work, we have an initial supply of identities (our "knowledge base"). The technique may be, depending on the problem, one of the following: (1) Start with one side of " = " in " . . . = · · · " and calculate (replacing equals for equals) until you reach the other side. These "equals for equals" are among our known supply of identities. (2) Start with the entire " . . . = · · " and calculate until you reach a known identity. Then so is the original equality as it holds iff the one we reach does. (3) Start with each side separately and calculate until you reach in both cases the same formula. For example, to prove 1 + (tana:) = (sec a;) you work as follows, using as knowledge base the identities 60

2

2

cos a: Cf. 1.4.11. ''"Recall that in algebra and trigonometry an "identity" is a formula of the type " . . . = · · " that is true for all values of the variables. So, x — y = 0 is not an identity, but x - y = (x + y)(x — y) is. 59

2

2

2

2

EQUATIONAL-STYLE PROOFS

61

(ii)

sec a; = cos χ (sin a;) + (cos a:) = 1 (Pythagorean Theorem) 2

2

(iii)

Here is our calculation. Note the annotation! 1 + (tana;)

2

= (by (»)>

1 + (sin XJ cos a;)

2

= (arithmetic) (sin

a:)

+

2

(CQSJ)

(cos a;) = (by (iii))

2

2

1

'

1 (cos a;)

2

= (by («)> (sec a;) 2

We can profitably mimic the above style of proof in logic. The presence of the Leibniz rule and the preponderance of axioms that involve " Ξ " make this possible, indeed easy. In logic, the role of " = " is taken over by " Ξ " . / cannot emphasize enough that the two are entirely different symbols and we will not confuse them. So what is an equational proof? It is a proof-layout methodology. (1) What it does not do: It does not supplement, amend, or replace the concept of proof or theorem-calculation of Definition 1.4.5. Nor does it do so for the concept of (Γ-) theorem (1.4.7). Both concepts remain the same. Compare with algebra and trigonometry: The calculation (E) above does not define the concept of proof in these branches of mathematics, but it does provide a template for many nice proofs within the normal framework of mathematical proof: certainly the proof (E) is acceptable as such. Compare also with programming. Some people using, say, the procedural language Pascal may choose to adopt the structured programming methodology and in particular never to use the goto instruction. Others may opt to use goto and follow program development by flowcharts, or indeed use a mixed approach, having their pie and eating it too: Do structured programming with goto (cf. [28]). The programs written by the three groups, for the same problems, will look drastically different. However the existence of these groups and the two methodologies (along with the hybrid methodology) for writing programs does not detract from the fact that all use the very same programming language. Pascal programs have a formal, i.e., syntactic, definition of their structure that is independent of how people plan to use them.

62

THEOREMS AND METATHEOREMS

The same goes for logic. Nevertheless, quite analogously, one can dogmatically stick to the Hubert style of writing and annotating proofs (the "orthodoxy" according to Definition 1.4.5), or instead absolutely insist on writing every single proof under the sun in the equational-style. Then again, the smart user of logic will accept both styles. Such a person will judiciously choose the best tool for the task at hand each time, be it equational style or Hubert style. The more tools we allow ourselves to use, the more effective "provers" we will be. (2) What it does: In many cases it simplifies proofs by allowing a goal-driven approach toward the theorem. (3) What it is: An equational-style proof is a sequence of (Γ-) theorems of the form A\ Ξ A , A = A ,..., Α _ι = A , A = A (1) 61

2

2

3

n

η

n

n+X

Each of the individual theorems Ai = A must receive an independent, individual (Γ-) proof in order to be allowed to appear in sequence (1). i+i

By an independent, individual proof I mean that this proof is external to the sequence, in general, and is not the result of things that we wrote to the left of Ai Ξ A \ in the sequence. Sequence (1) is not a Hilbert-style proof! Exactly how, and with what layout methodology, we obtained each individual proof for the various Ai = Ai \ is totally flexible: Some or all of these may have been proved by equational-style proofs. Some or all may have been proved by Hilbert-style proofs. These individually proved results, Ai = are from our (growing) database of theorems, which we may use in a proof like (1) just like the results (i)-(iii) were part of the database of independently obtained trigonometry facts that were used in our proof (E) on p. 61. i+

+

Pause. For one last time: A theorem is a theorem is a theorem, as per 1.4.7 regardless of how, in Hilbert style or equationally, it was proved. Before we take a careful look at the layout of equational proofs, which is extremely important, let us take out of the way the "metatheory" part. So, what does a sequence of equivalences like the above do for us? The answer is provided by the following metatheorem. By the way, our relaxed terminology theorem vs. metatheorem, agreed to on p. 51, would have us label special cases like A=B,B = C,C=D\~A = D "theorems". What makes the following definitely a "metatheorem" is its dependence on n. 2.2.1 Metatheorem. Αχ = A , A Ξ A ,..., 2

6 1

2

3

A -! n

= A, A = A n

n

n+1

h A Ξ A +i t

This can lead to some ridiculously long, mathematically ugly proofs of trivial results.

n

(2)

63

EQUATIONAL PROOF LAYOUT

Proof. This is seen by repeating the (derived) rule "Trans". A rigorous proof is by induction on n: Basis. For η = 1 we want Αι = A V A\ = A , which we got by 1.4.11. Taking as I.H. the claim for η (it looks precisely as in (2) above) we establish the claim for η + 1. That is, we want: 2

Αχ = A ,A 2

2

= Α ,...,Α ^ι 3

2

Ξ A„,A

η

n

= A Ai n+u

n+

= A

n+2

h Α= λ

A (3) n+2

Here goes a proof of (3): (1) (2)

Ai = A

(hypothesis)

A

= A

3

(hypothesis)

(n)

A

= A„+i

(hypothesis)

2

2

n

(n+1)

Ai = A +i

(n + 2)

A +i = Ai = A +

((l)-(n) + I.H.)

n

A (hypothesis) n+2

n

(n + 3)

n

2

({n+ 1) + (n + 2) + Trans)

2.2.2 Corollary. In an equational proof (from assumptions Γ) such as (I) on p. 62 we have Γ h Αι Ξ Α ι. η+

Proof By 2.2.1 and 2.1.4.

•

2.2.3 Corollary. In an equational proof (from assumptions Γ) such as (I) on p. 62 we have Γ h Ai iffT h A i. n+

Proof. By the previous corollary and Eqn.

•

In practice, just as in trigonometry, if we want to prove Ai (from Γ), then an equational proof allows us to start with Ai and be done as soon as we end up with some known Γ-theorem A i, as 2.2.3 above makes clear. Of course, we do not have to start an equational proof of A with A, but we may do so if this is convenient, or makes things more intuitively clear. Corollary 2.2.2 tells us that a chain like (1) (Γ-) proves the equivalence Ai = A +i. Equational proofs tend to be very natural when it comes to proving equivalences, but as 2.2.3 makes clear, they can also be used to prove formulae other than equivalences (Ai and Α could be anything at all). n+

n

η+Χ

2.3

EQUATIONAL P R O O F LAYOUT

To emphasize the importance of layout, we devote a section to this topic. The layout is vertical, just like that of Hilbert-style proofs, but rather than writing (1) of p. 62 as

64

THEOREMS AND METATHEOREMS

A = A 2

3

(i) A -\

= A

n

A

n

=

n

A +\ n

we write it in the style of (E) on p. 61, that is, in a first approximation, A

x

= (annotation) A

2

= (annotation) ;

(«)

A -l Ξ (annotation) n

A = (annotation) n

Ai n+

Several remarks are in order: 2.3.1 Remark. (1) Going from (i) to (ii) we have economized on writing, improving readability at the same time by not repeating the "joining formulae". By joining formulae I mean, for each i, the A i that occurs to the right of " Ξ " in A = A \ and to the left of " Ξ " in the immediately following equivalence, Ai \ = A{ . Thus, (ii) implies a conjunctional use of the " = " symbol that appears in the leftmost column; that is, it is meant to say precisely what (i) says, i.e., A\ = A and A = A and A = A , etc. In other words, layout (ii) is a compact notation that depicts layout (i) and, therefore, e.g., we can then infer the theorem A\ = A i via 2.2.1. This is totally consistent with normal use of symbols such as " = " and " < " in mathematics. In (E) (p. 61) we are using " = " conjunctionally. In an algebra course, when we write the short "a < b < c" we mean the long "a < 6 and b < c". But wait a minute! "A = Β = C" does not mean "Α Ξ Β and Β = C". The symbol " Ξ " is associative according to axiom schema (1) (cf. 1.4.4, p. 42), not conjunctional. i+

t

+

i+

+2

2

2

3

3

4

n+

Pause. So it is associative. But this does not preclude it from also being conjunctional, does it? It does! We will come back to this question (cf. 3.1.6). For now, we must take it simply on faith: is not conjunctional. We get around this obstacle by inventing a new symbol—in the metatheory, of course!—to denote conjunctional equivalence. This is an informal solution just as the practice in algebra

EQUATIONAL PROOF LAYOUT

65

where "a < b < c" means "a < b and b < e" is informal. That is, I will give neither definitions nor axioms for the new symbol, which we will denote by "·ΦΦ". This is our "conjunctional = " and will appear only in equational proofs and only on their leftmost column at that. Thus, "A Β C" means only "A = Β and Β = C". Reference [ 17] uses " = " for the conjunctional "=". As we will use " = " for formal equality of non-Boolean objects in the predicate calculus part of the volume, and we are already using it in the metatheory as the "ordinary" equals—for example, between strings—we prefer not to overload this symbol further with yet a third meaning. So " A" an axiom. This kind of "abuse of nomenclature"—that expresses our unconcern for permutations of terms in a Ξ-chain—will persist and receive definitive and general justification in Remark 2.4.8. (4) Just as with Hubert-style proofs we need not specify which axiom we are using in steps annotated as "axiom". This should be obvious from the axiom's form. (5) As is often the case, the condition " p fresh" is an expedient overkill. For example, in the last occurrence of the condition above, I could have given the (longer) condition " p does not occur in £ " , and that would still work—I just wanted the substitutions to leave Β unchanged. (6) Increasingly I will be omitting the condition ρ fresh in obvious situations such as the above. • A trivial adaptation of the theorem's proof yields: 2.43 Corollary, h ->(A Ξ Β) = A = Proof. (Equational) - ( A = B) Φ> (axiom) Α =

ΒΞ±

^ (Leib + axiom: Β Ξ ± = - . β ; "C-part" is Α Ξ ρ; ρ fresh) Α

Ξ

Β

-ι

Π

2.4.4 Theorem. (Double Negation) h ->-^A = A Proof. (Equational) —A Φ> (axiom) -.A = ± •«· (Leib + axiom: ->A = Α Ξ ± ; "C-part" is ρ = J_) A = ±

=

J_

(Leib + axiom: Τ = 1 Ξ 1 ; "C-part" is A = p) Α <S=>

Ξ

Τ

(redundant true, i.e., h Α A

Ξ

Α

Ξ

T) •

(1) General Hint: Always plan to start from the more complex side of " Ξ " and use our database of results, and our rules, to get it simpler and simpler, until you reach the other side.

68

THEOREMS AND METATHEOREMS

(2) A general technique—in the context of s-chains—worth imitating is to use axioms (1) and (2) without notice, to bracket/unbracket, to move brackets around, and to rearrange the order of subformulae separated by one " Ξ " (that occurs at either end of the chain). The general annotation here, without details, would be "axioms (1,2) + Leib". (3) I have also made good on the earlier promise to be less pedantic and start omitting far-too-obvious ρ fresh conditions. 65

2.4.5 Theorem, h Τ Ξ - . ± Proof. (Equational)

Τ (axiom)

± = _L (axiom)

-.±

•

2.4.6 Corollary, h ± = -.T Proof. (Equational)

-.T (Leib + 2.4.5; "C-part" is - p ) -.-.1 (2.4.4)

±

•

2.4.7 Theorem, h A V Τ Proof. (Equational) AvT (Leib + axiom: Av(lsl)

Τ Ξ Ι Ξ Ι ;

"C-part" is A

V p ; note inserted brackets!)

(axiom)

/ΙνίΞΑνί

•

One normally does not draw attention to the obvious and leaves it unsaid in the proof: The last line is a theorem by 2.1.12. W e soon show, in 2.4.8, that neither the hedging "separated by one" nor "(that is at either end of the chain)" are necessary.

65

69

MORE PROOFS: ENRICHING OUR TOOLBOX

2.4.8 Remark. Axioms (5) and (6) are the unsung heroes in the case of V-chains just like (1) and (2) are in the case of Ξ-chains. To begin with, axiom (5)—just as it was the case with Ξ-chains and axiom (1)—allows the insertion or omission of brackets in a V-chain in any manner we please. Of course, the proof of this fact, exactly like the one in 2.1.10, hinges also on theorem (f) below, which is the mirror image of axiom (5): h Av(BvC) = (AvB) V C (f) One proves the above exactly analogously with 2.1.9. Moreover, axiom (6) along with the Leibniz rule and the associativity of V allows you to prove that in a chain of V-signs you can swap any two subformulae, i.e., h BV C V D = DV C V Β and, more generally, \- AV BV C V DV Ε = AV D V C V B V E. Indeed, BVCVD -i=» (axiom (6) via (5), the latter allowing us to put brackets where we want them) DVBVC

(*)

t> (Leib + axiom (6). "C-part" is D V p) DVCV

Β

From this we can easily prove the general case: AV BVCV

DV Ε

(Leib + special case just proved. "C-part" is A V ρ V Ε) AV DV C V BV Ε Entirely similar comments hold for Ξ-chains (due to axioms (1) and (2)). This can be seen by repeating the above two proofs, replacing V by Ξ throughout, and replacing references to axioms (5) and (6) by references to (1) and (2). For example, h (Β Ξ C = D) = (D = C = B) is proved by rephrasing (*) above: B = C= D ο (axiom (2) via (1), the latter allowing us to put brackets where we want them) D =B =C (Leib + axiom (2). "C-part" is D = p) D=C=B

•

The following occurs often. We might as well record it. The formulation is mindful of what we have just said in 2.4.8. 2.4.9 Proposition, h (A = B)V [C = D) = AV C = BV C = AV D = BV D Proof. (A = B)V{C = D)

70

THEOREMS AND METATHEOREMS

(axiom)

(A = B)VC = (A = B)VD (Leib + axiom; uses 2.4.8 implicitly!; "C-part" is ρ Ξ (A = Β) V D)

AvC=BvC={A

= B)vD

& (Leib + axiom; uses 2.4.8 implicitly!; "C-part" isAvC

AVC

Ξ

BvC

Ξ

= BvC = p)

AV D= By D

•

2.4.10 Theorem, h A V _L Ξ A Proof. (Equational) Here is a case where (after some thought) we find it convenient to deal with the entire formula.

Αν

1

Ξ

A

& (Leib + axiom: A = A V A; "C-part" is A V _L Ξ ρ)

Αν ±

Ξ

Αν A

(axiom) AV(1

= A)

& (Leib + axiom: 1 = A = -Ά; "C-part" is A V p) AV-iA

•

Strictly speaking, ± = Α Ξ -Λ is a trivial theorem that axiom schema (4) yields via 2.4.8. Let us skip to some provable properties of —•: 2.4.11 Theorem, h A-> B=^AV

Β

Proof. A - Β Ο- (axiom)

Αν B = Β (Leib + 2.4.10; "C-part" is A V Β = ρ)

Αν

β = _L V

Β

Φ> (axiom)

[A = ±)V Β A V ( β

C)

Ξ

(axiom) —•>! Μ Β =

-ι

AV C

(Leib + 2.4.11: "C-part" is ρ Ξ -,Λ V C) Λ ^ β Ξ - A v C

(Leib + 2.4.11: "C-part" is A - > β Ξ ρ) A^B

= A-+C

•

2.4.14 Remark. (1) It is good form to apply one Leibniz at a time, hence the last two steps. (2) [17] nickname 2.4.11 as "definition of —>"—even though they prove it. In the foundation of logic that we pursue in this volume 2.4.11 is, of course, no "definition" at all, but is a theorem that relates the connectives -ι, V, —». To be sure, there are alternativefoundations of logic that employ only two primitive propositional connectives: V and All the rest of the connectives, e.g., -+, are introduced by definitions such as A^B

= ^A\JB

(1)

Such a definition says that the expression A -+ Β is metatheoretical argot, an abbreviation of -ιA V B. This abbreviation introduces, as a side-effect, the metasymbol —*. But in our foundation the formal symbol —> is a primitive of V and does not get (re)introduced! • Here is a real definition in our context. We introduce a new informal symbol—i.e., an abbreviation—named "φ" as follows: 2.4.15Definition. ΑφΒ=-^{Α

= Β)

•

How are abbreviations-by-definition used? Answer: Expand and go! That is, if I am asked to prove ...Αφ

Β -

λ prove instead ...-,(A

= B)---

^The reader is reminded of the Boolean connectives' priorities; cf. 1.1.11.

72

THEOREMS AND METATHEOREMS

Here's a rather surprising result:

Φ

2.4.16 Theorem, h ((Α

Β)

φ c)

= (Α

φ (Β ψ θ)

Proof. Expanding, we see that we really want to prove the formula schema

Φ> (axiom) -.(A = B) = C = _L (Leib + axiom; "C-part" i s p s C s i ) A=B=L=C=L

& (by Remark 2.4.8) A = B = C = A. = L Φ> (Leib + axiom; "C-part" is Α Ξ ρ Ξ 1) A = -ι(Β = C) = L (axiom)

• Here are some results for Λ: 2.4.17 Theorem, (de Morgan 1) I- Α Λ β Ξ -.(-.Α V Proof. This is a lengthy, but totally straightforward calculation, nothing to write home about. Starting from the "complex" side, we have: -.(-•AV-.B) (axiom) -ι

Α ν -ιβ

Ξ

_L

ο · (Leib + 2.4.12; "C-part" is ρ Ξ _L) A V ->B

Ξ

^B = J_

(Leib + axiom; "C-part" is A V -•£? Ξ ρ—2.4.8 used) A V ->B Ξ Β e> (Leib + 2.4.12; "C-part" is ρ Ξ β ) AVΒ=Α=Β (axiom—with the help of 2.4.8 ) ΑΛβ

•

MORE PROOFS: ENRICHING OUR TOOLBOX

73

2.4.18 Corollary, (de Morgan 2) h A V Β = -ι(-\Α Λ -.β) Proof. This can be proved from scratch totally by imitating the above proof and swapping Λ and V. It is more instructive (and shorter) to see that it actually follows from 2.4.17. π(πΛΛπβ)

(Leib + 2.4.17; "C-part" is - p ) -.^(-.-.Λ V -.-,β)

«Φ· (2.4.4) -,-,Α V - . - . β

(Leib + 2.4.4; "C-part" is ρ V ->-ιβ) AV->->β

AvC=G Since ->A V C is a theorem under our assumptions, so is A V C = C and it can be used in the following proof of Β V C from our two assumptions: BVC (Leib + lemma; "C-part": Β V ρ) β V (A V C) (2.4.8) (AV β ) V C (Leib + assumption A V β + 2.1.23; "C-part": ρ V C) Τ

VC

•

80

THEOREMS AND METATHEOREMS

2.5.5 Corollary. AV B,->Av Bh Β Proof. By 2.5.4, we have Α ν Β , - Α ν β h By B. By 2.5.1(2), we have By Β h B. We are done by 2.1.4. • 2.5.6 Corollary. A V Β, ->A h Β Proof. By 2.5.1(3), we have ->A Υ- ->A V β. We are done by 2.5.5. 2.5.7 Corollary. Α,-Al·

•

±

Proof. By 2.5.5, where we take β to be the specific formula

using 2.4.10.

•

2.5.8 Exercise. The proofs of the three previous corollaries deviated from our usual pedantic Hilbert style. They look more like everyday proofs that a mathematician might write. Give Hilbert-style proofs for each. • 2.5.9 Corollary. (Transitivity of-») Α - . β , β - t C h A - . C Proof (Hilbert-style) (1) (2) (3) (4) (5) (6) (7) 2.5.10Theorem.

A -> β B->C A-» B = - Α ν β B^C = - β VC ->AV Β -.BvC -Ave

(assumption) (assumption) (2.4.11) (2.4.11) ((1,3) +Eqn) ((2, 4) +Eqn) ((5,6) + 2.5.4 (using 2.4.8))

•

A->C,B->£>hAvB->CV.D

Proof. As in 2.5.4, analysis of the two hypotheses yields the theorems (theorems from the hypotheses, that is!)

=c

Ayc

(l)

and

β

V

DΞ D

Informed by the above we calculate:

Ay Β -» CV D « (axiom + 2.4.8)

AVCV β

V

D Ξ CVD

(Leib + (1); "C-part":

pVflvDsCvD)

(2)

THE DEDUCTION THEOREM

81

CvBvflsCVfl (Leib + (2); "C-part": C V p s C v f l )

CwD=C\/D

•

2.5.11 Corollary. (Proof by Cases) A ^ C, Β C

h Αν Β ^ C

Proof. By 2.5.10, A^C,B^ChAvB^C\/C. axiom, we are done via an obvious application of (Leib).

Since C V C = C is an •

2.5.12 Remark. (1) The name of 2.5.11 derives from what it says: To establish that a formula C is implied by a disjunction A V Β it is sufficient to establish separately both cases: A —> C and Β —> C. (2) Actually there is more to it: By 2.5.2, the result in 2.5.11 is equivalent to

(A-*C)/\(B

-^C)h AVB-+C

(*)

However (*) is a direct result of 2.4.24 via one application of equanimity. The same process also proves "the other direction":

A V Β -> C h (A -> C) Λ ( β -> C) (3) The following special case follows trivially, since ^A V A is an axiom, and therefore I — Ά V A = Τ by 2.1.21. It follows as easily from 2.5.4. We leave the details to the reader. • 2.5.13 Corollary. A -> C, - A -> C h C 2.6

T H E DEDUCTION T H E O R E M

The main result in this section is, strictly speaking, a Meiatheorem. But the above title is its established nickname. It states: 2.6.1 Metatheorem. (Deduction Theorem) If TO {A} h Β, then alsoΓ h A -> B. Note. Due to the notational convention given on p. 53, the deduction theorem can be also stated as "If Γ + A \- B, then also Γ \- A —> B". Much of the proof makes use of the following result. So let us prove it separately, to avoid obscuring the proof of the deduction theorem. 2.6.2 Lemma. A

(B = C) h A -» (D[p := B] = D[p := C})

Proof. This is a theorem schema, of course, and we have handled several such already. However, here we employ a new technique: We prove it not directly, but instead by induction on the complexity of D, in essence /ne/aproving it, first for the least complex D, and then pushing the proof forward from less to more complex Z>. 71

71

1 will be interested to know if you can come up with a direct proof.

82

THEOREMS AND METATHEOREMS

That this constitutes a metaproof is clear: Our logic does not "know" induction! Basis. D has complexity 0: So it is one of: (1) p: Then we must show A -> (Β Ξ C) h A —> (B = C) and we are done by 1.4.11. (2) q (other than p): Then we must show A -> (B = C) h A -> (q = q). Well, start with h q = q by 2.1.12. By (3) in 2.5.1, and 2.1.4, h A -» (q Ξ q). We are done by 2.1.1. (3) Τ or ± :

Same argument as in (2) above.

We now take the complex case, where D has complexity η + 1, on the I.H. that the claim is true for all D (or whatever else you want to call them) with complexity η or less. Throughout the rest of the argument we will not forget that A —> (B = C) is an assumption. We have several cases of how the formula, D, of complexity η + 1, was built: (i) D is ->E. We calculate as follows (cf. 1.3.15): A

( - £ [ p := B) = - £ [ p := C])

(Leibniz, twice along with 2.4.1) A -» — (E[p := Β] ~ E[p := C\) (Leibniz + 2.4.4; "C-part": A -» q) A -> (£[p := β] = E[p := C]) The last formula is an A —> (Β Ξ C)-theorem by the I.H., so this is true for the top formula, too. (ii) D is Ε V G. (A

In view of 2.4.11, we have the (absolute) theorem

(D[p := β ]

Ξ

D[p := C]))

V

Ξ

(D[p := B] = D[p := C]))

thus we will p r o v e - A V ( D [ p := β] Ξ D[p := C]) via the "V over = ' distributivity axiom, i.e., we will prove instead -A

V

D[p := β]

Ξ

-ιA V

D[p := C]

To this end, we calculate as follows (cf. 1.3.15): -A •v=>

V

E[p := β]

V

G[p := B]

(Leibniz + I.H.; "C-part": q -A

V

G[p := β]

V

V

G[p := B\\2.4.8 used as well)

E[p := C]

(Leibniz + I.H.; "C-part": q V E[p := C\\2.4.8 used as well) -A

V

E[p := C]

V

G[p := C]

THE DEDUCTION THEOREM

(iii) D is Ε AG.

83

We calculate as follows (cf. 1.3.15): A - . E[p := B] A G[p := B] (2.4.25) (A - E[p := B]) A (A - G[p := B]) G[p := C])

(2.4.25) A -» £ [ p := C] (iv) D is Ε -> G. -Λ

V

Λ

G[p := C]

We calculate similarly to the "Z? is £ V G" case (cf. also 1.3.15):

--£[p := Β]

V

G(p := B)

A

V

G[p := Β]

V

-.£[p := C]

(Leib + I.H. on G; "C-paft": q V -.JE7[p := C]; 2.4.8 applied implicitly) -ιΑ

V

-.£[p := C]

V

G[p := C]

Finally, (v) Dis Ε = G.

We calculate as follows, mindful of 2.4.13 (cf. also 1.3.15): A -> (E[p := B) = G[p := B]) & (2.4.13) Α

£ [ p := Β] = A -> G[p := B]

*Φ· (obvious Leib + I.H. twice) A —• £ [ p := C] = A —> G[p := C] (2.4.13) A -> ( £ [ p := C] = G[p := C])

•

Proof. (Of the Deduction Theorem) This is a metatheorem about proofs (equivalently, about theorems). It says, essentially, that a proof of Β from Γ and A must be somehow transformable into a proof of A —» Β /rem Γ a/one. So how does one (meta)prove a (meta)theorem like this, that a proo/ from Γ + Α is so transformable? By constructing the transformation by induction on the length of proof where Β occurs (1.4.5), of course! 72

'Even a casual observer will see that this is a proof outside Boolean logic, using such extraneous tools as induction.

84

THEOREMS AND METATHEOREMS

Important! A (metajproof by induction on the length of formal proofs of our given logic is to use the formal definition of proof as in 1.4.5! Specifically, such a metaproof will deal, in the induction step, only with the two primary rules of inference (1.4.2) since each use of a derived rule in a formal proof can be eliminated by "unwinding" (replacing the invocation of) the rule itself into a formal proof, rigorously and completely written according to 1.4.5. Basis. For Γ + A-proofs of length η = 1: Such a proof consists only of B, right? But then, Β must be one of the following (see 1.4.5!): (i) A. Since h A —> A (this is the same as stating h - Β in this case by 2.1.1, remembering that A is B. (ii) In Γ U Λ. Then (1.4.7), Γ h B. Since Β \ A V Β by 2.5.1(3), we are done—i.e., once more Γ \- A —» Β—by 2.1.4. We take for I.H. that the claim of the metatheorem is true for all Γ + A-proofs of lengths η or less. We now look at the induction step, the case where we have a Γ + Α-proof of B, one that has length η + 1. Our aim is to prove that under the I.H. Γ f- A —• B. So in the very last step of this proof, we either wrote down B, or we did not: Case where we did not: Then Β—which we assumed at the outset that this proof proves—must have appeared earlier. Since we can truncate a proof by dropping any length of tail (cf. 1.4.8) and still have a proof, it follows that (dropping, say, the last formula of the proof) we have a proof of Β of length η or less. By the I.H. we conclude Γ h A —• Β in this case. Case where we wrote Β at the very last step: Now, there are two reasons why we may have legitimately written Β (1.4.5): Subcase: Β is one of: A, or is in Γ U A. If so, then we have already argued in the Basis that we will then have Γ h A —• B. Subcase: Β was written down because we applied Eqn in the last step, so C = Β and C have appeared in the proof earlier. By I.H. we have TY-A-+C

(1)

and T h A^{C = B) By 2.4.13 and Eqn, the latter yields Γ h A^C=A-^B

(2)

(1) and (2) yield Γ h A -> Β by Eqn. Subcase: Β was written down because we applied Leibniz in the last step, so Β is D[p := C] = D\p := E] and C = Ε has appeared in the proof earlier. By I.H.

THE DEDUCTION THEOREM

85

Γ Y- A -> (C = E). Now Lemma 2.6.2, via 2.1.4, yields Γ I- A -> (D[p := C] = D[p : = £ ] ) , i.e., Γ h Λ ^ Β . • 2.63Corollary. Γ + Λ Κ Β / 0 Τ Ι - Λ - > β PTOO/

The left-to-right direction ("only i f ) is 2.6.1. The " i f is by MP (2.5.3).

•

2.6.4 Remark. What is the deduction theorem good for? (1) The metatheoretician, who studies rather than uses logic, will proclaim: It shows that all the theorems that we ever need to study are absolute, for whenever we need to show A I- Β we can simply show I- A —• B, since the two are equivalent (metatheoretical) statements by the above corollary. As users, of logic we dismiss this clinical point of view. Indeed, even in metatheoretical work the deduction theorem comes in handy—e.g., see the proof of Post's theorem (3.2.1) in the next chapter. (2) For the user, it is exactly the opposite point of view that is important: To prove "h A —> B" is in general harder to do than to prove "A h B" because the latter asks us to prove a less complex formula than A —> Β—just Β—and it throws in as a bonus an extra assumption—A—that is not available if we are proving A —> B. An extra assumption almost always makes life easier; for it allows us to know more before we start the proof. The user will (almost) always prefer to tackle AY- B, over Υ- A —* B. Indeed, the deduction theorem is used extremely frequently by the practicing mathematician, computer scientist, logician, and any other person who reasons logically. • 2.6.5 Exercise. Assume the deduction theorem, and prove Lemma 2.6.2 from it.

•

2.6.6 Metatheorem. The following are equivalent: (2) For all A, we have Γ h A. (3) For some B, we have Γ Υ- Β Α -ιΒ. Α Γ such as the one in the metatheorem is called inconsistent or contradictory. Α Γ that does not have the property—e.g., it fails to prove at least one formula, which is the negation of (2)—is called consistent. A formula of the form Β A -[p := Α]) Ξ -,(D[p = B]) (cf. 1.3.15), and therefore, by I.H., :

s(^D[p := A]) = e(-Z)[p := B]) iff s(D[p := A]) = s(D[p := B]) Case2: Let next C be D V E. The I.H. applies on D and £ (i.p. of C). Now, C[p := Α] Ξ C[p := B] is (cf. 1.3.15) £>[p := A] V E[p := A] = D[p := Β] V £ [ p := B); hence we get (1) as follows: s(D[p := Λ] V E[p :=A]) = F (a{D\p := A}), s(E[p := A})) v

= F ( e ( D [ p := B]),a(E\p v

•= B])) (by I.H.)

= (Z3[p:= B ] V E [ := B]) S

P

The cases where C is any of D = E, D Λ Ε or D —* Ε are entirely similar to the above and are omitted. 3.1.2 Exercise. Using truth tables, verify that all the logical axioms (1.4.4) are tautologies. • 3.1.3 Metatheorem. (Soundness of Propositional Calculus) Γ h A implies that Γ \=taul A.

The reader will observe that the proof below—the very first sentence in the Basis case—is oblivious to exactly what Γ we have in mind. Thus it is valid for any Γ, from empty to infinite. Proof. We do induction on the length of Γ-proofs where A occurs. Basis. Length η = 1. If A is in Γ, then certainly Γ |= , A (cf. 1.3.11; any state that satisfies Γ will do so for A in particular). If A is in Λ, then | = A as you have verified in the exercise above. But then Γ |=taut A , since again any state s that satisfies Γ will still make s(A) = t {any state whatsoever will make s(A) = t). teu

uut

We now assume the claim for lengths η or less (I.H.) Consider now the case where A occurs in a proof of length η + 1. There are subcases:

92

THE INTERPLAY BETWEEN SYNTAX AND SEMANTICS

(1) A is not the last formula in the proof. So the proof ending with A—obtained by deleting the formulae following A (cf. 1.4.8)—has length η or less. By I.H. Γ hum A in this case. (2) A is the last formula. (2.1) Subcase where A e Γ U Λ is handled exactly as in the Basis. (2.2) Subcase where A was written as a result of an application of Eqn. That is, the proof contains some Β and also Β = A, to the left of A. By I.H., Γ \= Β and Γ |=taut Β = A. Let now s be any state such that s(X) = t for all X in Γ. Thus, s(B) = t and s(B) = s(A). Hence, s{A) = t. aat

(2.3) Subcase where A was written as a result of an application of Leib. So Β = C occurs to the left of A, and A is D[p := B] = D\p := C]. By I.H., Γ (=„,„, Β = C. Let now s be any state such that s(X) = t for all X in Γ. Thus, s(B) = s(C). Hence, s(D[p := Β] Ξ £>[p := C]) = t by Lemma 3.1.1. • 3.1.4 Corollary. If\~ A, then \=

A.

lml

Proof. Take Γ = 0 in the above.

•

3.1.5 Remark. (Counterexample Constructions in Boolean Logic) In what ways is soundness useful? (1) It tells us that we are on track with our "program" to have syntactic tools to verify tautologies: Whatever these tools obtain (as absolute theorems) are tautologies. (2) It allows us to disprove fallacious "results" of the form "such-and-such formula is formally provable—in Boolean logic—from such-and-such assumptions". For example, "ρ V q \- p" is a false statement in the metatheory. It says that from the assumption ρ V ρ we can write a proof that contains (or ends with) p: Impossible! Why? Well, if the claim were true, then we would also have p V q (= p. This is readily seen to be a false claim: Take any state s where s(p) = f and s(q) = t. Similarly, h 1 is false (because (= _L is). By the way, we indicate that "Γ h A is false" (false metatheoretical statement) by writing Γ )hA. • taut

Uut

3.1.6 Example. We already stated on p. 64 that Ξ is not conjunctional—which is why we invented its conjunctional cousin Here is why: The statement means that (1) below is not a theorem schema; i.e., for some specific choices of A, B, C we end up with a nontheorem. A = Β = C = (A = Β)

A

[B = C)

(1)

Our job is to find specific formulae A, B, C that verify (2) below: \f A = Β = C = (A = Β) Λ (B = C)

(2)

Let us try T, ± , and ± respectively and verify (2) by showing

μ „, Τ ω

Ξ

±

Ξ

±

=(Τ = ±) Λ

(±

Ξ

_L)

(3)

POST'S THEOREM

93

The subformula Τ Ξ ± Ξ ± to the left of the " = " connective marked with "f" evaluates as t in any state. Yet, the subformula (T = 1) Λ (± = 1) to the right evaluates as f. This verifies (3). • 3.2

POST'S THEOREM

3.2.1 Metatheorem. (Post's Tautology Theorem) If Τ \= , A, then Γ h A. lau

Proof. The proof of the metatheorem is, of course, informal and uses any tools we may be pleased to employ from the metatheory. It is most convenient to prove the contrapositive, namely, If Γ )M,then Γ )f= A am

(1)

Digression. The term contrapositive refers to an implication. The contrapositive of the formal implication "X —* Y" is "->Y —> -<X". It is trivial to show (exercise!) both h X — Υ Ξ -,y — -,χ and Htaut X

~~* Υ

=

~Ύ

~*

Thus, informal logic, guided by 1.4.2, 1.4.4, 1.4.5 and 1.4.7, proving h X —* Y is as good as proving I— ^X (by Eqn). The term contrapositive also applies to all sorts of implications (including I- and t=taut) in informal mathematics (metatheory). Thus, the contrapositive of "if [·••], then (...)" is "if not (...), then not [· · · ]". (Meta)proving one is as good as proving the other. Thinking commonsensically: Suppose I can prove the last of these two metastatements. Suppose I assume now that "[• · · ]" is true (*) Then it also must be that " ( . . . ) " is true, for if not, then I must have the opposite: "not (...)" is true. As this implies not [· · · ] it cannot be, for it contradicts my assumption (*). Returning from our digression, which introduced a commonly used term of logic, we embark on our proof. This will consist of a few constructions along with a few claims—and their (meta)proofs—about the properties of the objects we construct. First, let us argue that Claim One. There is an enumeration Go,G\,

Gi,...

(2)

of a all formulae of Boolean logic. That is, every formula appears in the infinite array (2), and no string that is not a formula appears there. Proof, [of Claim One] We may make a retroactive adjustment to the alphabet V that makes it finite. This will change nothing that was said so far in this volume,

94

THE INTERPLAY BETWEEN SYNTAX AND SEMANTICS

except a minute remark on p. 9: "Most variable symbols are formed through the use of 'subsymbols'—such as 0,1,2, '— that are not members of the alphabet V themselves", I said there. Well, let me backtrack over this comment, now including 0,1,2,3,4,5,6,7,8,9, ' in an amended V. But I am going to remove all the Boolean variables, except the three p, q, and r, because I am going to build all the rest! This idea is hardly revolutionary, and is entirely analogous to that of building the infinite set of natural numbers by using just two symbols, 0 and 1 (binary notation), or the infinitely many variables of a programming language such as Algol from a finite set of symbols. In the latter case we start with the letters a,b,... ,ζ,Α,Β,... ,Z and the digits 0 , 1 , . . . , 9 and use the algorithm in quotes to build any variable: "A variable is a string that starts with a letter and continues (to the right) as far as we wish, using any letter or digit." So, for the purposes of this section, we take V to be (commas not included) p,

Our partners will collect data and use cookies for ad personalization and measurement. Learn how we and our ad partner Google, collect and use data. Agree & close